@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

• (1) HIGH: QuickTime Player Streaming Debug Error Logging Buffer Overflow
• (2) HIGH: Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
• (3) HIGH: Google Chrome Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Other Microsoft Products

• 10.31.1 - Microsoft Outlook Web Access for Exchange Server 2003 Cross-Site Request Forgery Issue
• 10.31.2 - Audio Workstation ".pls" File Remote Buffer Overflow Issue
• 10.31.3 - Microsoft Internet Explorer Frame Border Property Buffer Overflow

Third Party Windows Apps

• 10.31.4 - AIMP ".pls" File Remote Stack Buffer Overflow Issue
• 10.31.5 - Image22 ActiveX "DrawIcon()" Method Buffer Overflow Issue
• 10.31.6 - Corel Presentations X5 ".shw" File Processing Remote Buffer Overflow
• 10.31.7 - HP Insight Control Power Management Unspecified Local Security Bypass
• 10.31.8 - HP Insight Software Installer for Windows Unauthorized Data Access

Mac Os

• 10.31.9 - Apple Mac OS X WebDAV Kernel Extension Local Denial of Service Issue

Linux

• 10.31.10 - Linux Kernel Btrfs Overwrite Append Only Files Local Security Bypass Issue
• 10.31.11 - Linux Kernel CIFS DNS Lookup Cache Poisoning
• 10.31.12 - libvirt Multiple Local Security Bypass Vulnerabilities

Solaris

• 10.31.13 - Oracle Solaris Studio Local

Unix

• 10.31.14 - Dovecot Access Control List (ACL) Plugin Security Bypass Weakness

Cross Platform

• 10.31.15 - HP OpenView Network Node Manager Unspecified Code Execution Issue
• 10.31.16 - mlmmj (Mailing List Managing Made Joyful) Directory Traversal
• 10.31.17 - Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow
• 10.31.18 - RSA Federated Identity Manager URI Redirection Issue
• 10.31.19 - MapServer Buffer Overflow and Unspecified Security Vulnerabilities
• 10.31.20 - Mozilla Foundation Security Advisory (MFSA 2010 34 - MFSA 2010 48)
• 10.31.21 - Qt "QTextEngine::LayoutData::reallocate()" Memory Corruption Issue
• 10.31.22 - Pidgin "X-Status" Message Denial of Service Issue
• 10.31.23 - Apple Safari Personal Address Book AutoFill Information Disclosure Weakness
• 10.31.24 - EllisLab CodeIgniter "Upload.php" Arbitrary File Upload Issue
• 10.31.25 - Git "gitdir" Remote Buffer Overflow
• 10.31.26 - BRLTTY Runtime Library Search Path Local Privilege Escalation Issue
• 10.31.27 - Corel WordPerfect Office X5 ".wpd" File Processing Remote Buffer Overflow Issue
• 10.31.28 - NuralStorm Webmail Multiple Security Issues
• 10.31.29 - HP Insight Orchestration Unspecified Security Bypass Issue
• 10.31.30 - t-prot "--max-lines" Option Denial of Service
• 10.31.31 - XWork "ParameterInterceptor" Class OGNL Security Bypass
• 11.2.0.1. - Oracle Network Layer Remote Issue
• 10.31.33 - iputils "ping.c" Remote Denial of Service Issue
• 10.31.34 - libmikmod Multiple Buffer Overflow Vulnerabilities
• 10.31.35 - IBM Java UTF8 Byte Sequences Security Bypass Issue
• 10.31.36 - Opera "opera:config" Security Bypass Issue
• 10.31.37 - Mozilla Firefox Plugin Parameter Reference Remote Code Execution
• 10.31.38 - Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation
• 10.31.39 - Apple QuickTime "QuickTimeStreaming.qtx" Remote Stack Buffer Overflow
• 10.31.40 - Apache HTTP Server Multiple Remote Denial of Service Issues
• 10.31.41 - sSMTP "standardize()" Buffer Overflow Issue
• 10.31.42 - Media Player Classic ".m3u" File Remote Heap Buffer Overflow
• 10.31.43 - Google Chrome Multiple Security Vulnerabilities
• 10.31.44 - Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
• 10.31.45 - Wing FTP Server Denial of Service Vulnerability and Information Disclosure
• 10.31.46 - PHP Multiple Vulnerabilities
• 10.31.47 - JBoss Seam Parameterized EL Expressions Remote Code Execution

Web Application - Cross Site Scripting

• 10.31.48 - Axon Virtual PBX "logon" Multiple Cross-Site Scripting Issues
• 10.31.49 - Piwigo "comments.php" Multiple Cross-Site Scripting Issues
• 10.31.50 - CSSTidy "css_optimiser.php" Cross-Site Scripting
• 10.31.51 - HP Virtual Connect Enterprise Manager Unspecified Cross-Site Scripting
• 10.31.52 - Diem Multiple Cross-Site Scripting Issues
• 10.31.53 - PacketFence "Login.php" Cross-Site Scripting
• 10.31.54 - SAP NetWeaver System Landscape Directory Multiple Cross-Site Scripting Vulnerabilities
• 10.31.55 - Active Business Directory "searchadvance.asp" Cross-Site Scripting
• 10.31.56 - Event Horizon "modfile.php" Multiple Cross-Site Scripting Issues

Web Application - SQL Injection

• 10.31.57 - FrontAccounting Multiple SQL Injection Vulnerabilities
• 10.31.58 - xbtit "index.php" SQL Injection
• 10.31.59 - MyKazaam Address & Contact Organizer "contacts.php" SQL Injection
• 10.31.60 - Drumbeat CMS "index02.php" SQL Injection
• 10.31.61 - PhotoPost PHP "index.php" SQL Injection Issue
• 10.31.62 - Freeway "ecPath" Parameter SQL Injection Issue

Web Application

• 10.31.63 - phpMyBackupPro "get_file.php" Directory Traversal Issue
• 10.31.64 - RapidLeech Arbitrary File Upload
• 10.31.65 - vBulletin FAQ Unspecified Security Issue
• 10.31.66 - Kide Shoutbox Remote File Include and HTML Injection Vulnerabilities
• 10.31.67 - SAPID Shop "get_tree.inc.php" Remote File Include Issue
• 10.31.68 - CMS Made Simple Download Manager Module Arbitrary File Upload
• 10.31.69 - AJ Article Multiple HTML Injection Issues
• 10.31.70 - LILDBI "uploader.php" Remote File Upload Issue
• 10.31.71 - Open-Realty "title" Parameter HTML Injection
• 10.31.72 - SyndeoCMS Multiple HTML Injection Vulnerabilities

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2010

Comprehensive List of Newly Discovered Vulnerabilitis from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9778 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 10.31.1 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Outlook Web Access for Exchange Server 2003 Cross-Site Request Forgery Issue
• Description: Microsoft Outlook Web Access for Exchange Server 2003 is an application designed to integrate with Microsoft Exchange Server to provide secure web-based access to email. The application is exposed to a cross-site request forgery issue.
• Ref: http://www.securityfocus.com/bid/41843/references

• 10.31.2 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Audio Workstation ".pls" File Remote Buffer Overflow Issue
• Description: Audio Workstation is a media player for the Windows operating system. Audio Workstation is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Audio Workstation version 6.4.2.4.0 is affected.
• Ref: http://www.securityfocus.com/bid/41906

• 10.31.3 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Internet Explorer Frame Border Property Buffer Overflow
• Description: Microsoft Internet Explorer is a web browser for the Windows operating system. Internet Explorer is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Internet Explorer versions 6 and 7 are affected.
• Ref: http://www.securityfocus.com/bid/41990

• 10.31.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: AIMP ".pls" File Remote Stack Buffer Overflow Issue
• Description: AIMP is a multimedia player available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".pls" playlist file that contains excessive data. AIMP version 2.51 Build 330 is affected.
• Ref: http://www.securityfocus.com/bid/41857/references

• 10.31.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Image22 ActiveX "DrawIcon()" Method Buffer Overflow Issue
• Description: Image22 ActiveX is an application to create images for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. The issue affects the "DrawIcon()" method of the ActiveX control identified by CLSID: 1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779. Image22 ActiveX version 1.1.1 is affected.
• Ref: http://www.securityfocus.com/bid/41547

• 10.31.6 - CVE: Not Available15.0.0.357 is affected.
• Platform: Third Party Windows Apps
• Title: Corel Presentations X5 ".shw" File Processing Remote Buffer Overflow
• Description: Corel Presentations X5 is a component of the WordPerfect Office suite of applications. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Corel Presentations X5 version
• Ref: http://www.securityfocus.com/bid/41556

• 10.31.7 - CVE: CVE-2010-1966
• Platform: Third Party Windows Apps
• Title: HP Insight Control Power Management Unspecified Local Security Bypass
• Description: HP Insight Control is a computer management interface. HP Insight Control Power Management for Windows is exposed to an unspecified local security bypass issue that allows attackers to bypass security restrictions and perform unauthorized actions. HP Insight Control Power Management for Windows versions prior to 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/41578

• 10.31.8 - CVE: CVE-2010-1967, CVE-2010-1968
• Platform: Third Party Windows Apps
• Title: HP Insight Software Installer for Windows Unauthorized Data Access
• Description: HP Insight Software Installer for Windows is an application for setting up Insight management tools. The application is exposed to a security issue that can allow local attackers to access data without authorization. Insight Software Installer for Windows versions prior to 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/41586

• 10.31.9 - CVE: CVE-2010-1794
• Platform: Mac Os
• Title: Apple Mac OS X WebDAV Kernel Extension Local Denial of Service Issue
• Description: WebDAV is a set of extensions to the Hypertext Transfer Protocol that allows for remote editing and managing of files. Apple Mac OS X WebDAV kernel extension is exposed to a local denial of service issue because the "webdav_mount()" function fails to properly handle requests to mount a WebDAV share passed through the "pa_socket_namelen" field.
• Ref: http://www.securityfocus.com/archive/1/512642

• 10.31.10 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel Btrfs Overwrite Append Only Files Local Security Bypass Issue
• Description: The Linux Kernel is exposed to a security bypass issue that affects the Btrfs filesystem implementation. Specifically, this issue affects the "btrfs_ioctl_clone()" function in the "fs/btrfs/ioctl.c" source file. The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE IOCTLs fail to properly verify if a donor file is designated as "append-only" before writing to it.
• Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=
  2ebc3464781ad24474abcbd2274e6254689853b5

• 10.31.11 - CVE: CVE-2010-2524
• Platform: Linux
• Title: Linux Kernel CIFS DNS Lookup Cache Poisoning
• Description: Linux Kernel is exposed to a cache poisoning issue that occurs in the CIFS DNS resolver implementation because it fails to properly restrict access to the keyring that stores lookup results. Linux Kernel versions prior to 2.6.35-rc6 are affected.
• Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=
  4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7

• 10.31.12 - CVE: CVE-2010-2237, CVE-2010-2238, CVE-2010-2239,CVE-2010-2242
• Platform: Linux
• Title: libvirt Multiple Local Security Bypass Vulnerabilities
• Description: The "libvirt" library is used to interact with the virtualization capabilities of recent versions of Linux. The application is exposed to multiple local security bypass issues.
• Ref: http://www.securityfocus.com/bid/41981

• 10.31.13 - CVE: CVE-2010-2374
• Platform: Solaris
• Title: Oracle Solaris Studio Local
• Description: Oracle Solaris Studio is exposed to a local issue. Oracle Solaris Studio supported version 12 update 1 is affected.
• Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul20
  10.html

• 10.31.14 - CVE: Not Available
• Platform: Unix
• Title: Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
• Description: Dovecot is a mail server available for UNIX and Linux platforms. Dovecot is exposed to a security bypass weakness because INBOX Access Control Lists could be used as the default for new mailboxes. Dovecot versions prior to 1.2.13 are affected.
• Ref: http://www.securityfocus.com/bid/41964

• 10.31.15 - CVE: CVE-2010-2703, CVE-2010-2704
• Platform: Cross Platform
• Title: HP OpenView Network Node Manager Unspecified Code Execution Issue
• Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to an unspecified remote code execution issue. HP OpenView Network Node Manager versions 7.51 and 7.53 are affected.
• Ref: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088

• 10.31.16 - CVE: CVE-2009-4896
• Platform: Cross Platform
• Title: mlmmj (Mailing List Managing Made Joyful) Directory Traversal
• Description: mlmmj (Mailing List Managing Made Joyful) is a mailing list application. The application is exposed to a directory traversal issue because the mailing list manager fails to sufficiently validate a user's request originating from the administrator web interface.
• Ref: http://www.securityfocus.com/bid/41841

• 10.31.17 - CVE: CVE-2010-1214
• Platform: Cross Platform
• Title: Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow
• Description: Firefox is a web browser. SeaMonkey is a suite of applications that includes a browser and an email client. Firefox and SeaMonkey are exposed to a buffer overflow issue because they fail to properly bounds check user-supplied input before using it in an insufficiently sized buffer.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-132/

• 10.31.18 - CVE: Not Available
• Platform: Cross Platform
• Title: RSA Federated Identity Manager URI Redirection Issue
• Description: RSA Federated Identity Manager is an identity management application. The application is exposed to a URI redirection issue because the application fails to properly sanitize user-supplied input. RSA Federated Identity Manager versions 4.0 and 4.1 are affected.
• Ref: http://www.securityfocus.com/bid/41850/references

• 10.31.19 - CVE: Not Available
• Platform: Cross Platform
• Title: MapServer Buffer Overflow and Unspecified Security Vulnerabilities
• Description: MapServer is a development environment for building spatially enabled internet applications. MapServer is exposed to multiple remote issues. A buffer overflow issue affects the "msTempFile()" function when the "ForcedTmpBase" parameter is used. An unspecified security issue affects the applications CGI command line debug arguments. MapServer versions prior to 5.6.4 are affected.
• Ref: http://trac.osgeo.org/mapserver/ticket/3485

• 10.31.20 - CVE: CVE-2010-0654, CVE-2010-1205, CVE-2010-1207,CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213,CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753,CVE-2010-2754
• Platform: Cross Platform
• Title: Mozilla Foundation Security Advisory (MFSA 2010 34 - MFSA 2010 48)
• Description: Firefox is a browser; SeaMonkey is a suite of applications that includes a browser and an email client; Thunderbird is an email client. All three applications are available for multiple platforms. Mozilla Firefox, Thunderbird, and SeaMonkey are exposed to multiple security issue. Firefox versions prior to 3.5.11 and 3.6.7; SeaMonkey versions prior to 2.0.6; and Thunderbird versions prior to 3.0.6 and 3.1.1 are affected.
• Ref: http://www.mozilla.org/security/announce/

• 10.31.21 - CVE: Not Available
• Platform: Cross Platform
• Title: Qt "QTextEngine::LayoutData::reallocate()" Memory Corruption Issue
• Description: Qt is a cross platform application development framework for GUI programs. Qt is exposed to a remote memory corruption issue that occurs in the "QTextEngine::LayoutData::reallocate()" function of the "src/gui/text/qtextengine.cpp" file.
• Ref: http://www.securityfocus.com/bid/41873/references

• 10.31.22 - CVE: CVE-2010-2528
• Platform: Cross Platform
• Title: Pidgin "X-Status" Message Denial of Service Issue
• Description: Pidgin is a multi platform instant messaging client that supports multiple messaging protocols. Pidgin is exposed to a denial of service issue because it fails to properly process user-supplied input. Pidgin versions prior to 2.7.2 are affected.
• Ref: http://www.pidgin.im/news/security/index.php?id=47

• 10.31.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari Personal Address Book AutoFill Information Disclosure Weakness
• Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to an information disclosure issue that occurs because the AutoFill feature, enabled by default, uses data from the personal address book card. Safari version 5.0 is affected.
• Ref: http://jeremiahgrossman.blogspot.com/2010/07/i-know-who-your-name-where-you-work
  -and.html

• 10.31.24 - CVE: Not Available
• Platform: Cross Platform
• Title: EllisLab CodeIgniter "Upload.php" Arbitrary File Upload Issue
• Description: EllisLab CodeIgniter is a development application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. EllisLab CodeIgniter version 1.7.1 is affected.
• Ref: http://www.securityfocus.com/bid/41886

• 10.31.25 - CVE: Not Available
• Platform: Cross Platform
• Title: Git "gitdir" Remote Buffer Overflow
• Description: Git is an open source application for version control. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue can be triggered with an overly long "gitdir" value inside a specially crafted ".git" working copy. Git version 1.5.6 is affected.
• Ref: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=3c9d0414ed2db0167e6c828b547b
  e8fc9f88fccc

• 10.31.26 - CVE: CVE-2008-3279
• Platform: Cross Platform
• Title: BRLTTY Runtime Library Search Path Local Privilege Escalation Issue
• Description: BRLTTY is a background daemon application for users using a Braille keyboard. BRLTTY is exposed to a local privilege escalation issue. This issue occurs because an insecure relative runtime library search path is set in the Executable and Linking Format header.
• Ref: http://www.securityfocus.com/bid/39097/references

• 10.31.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Corel WordPerfect Office X5 ".wpd" File Processing Remote Buffer Overflow Issue
• Description: Corel WordPerfect Office X5 is a suite of office applications. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Corel WordPerfect Office X5 version 15.0.0.357 is affected.
• Ref: http://www.securityfocus.com/bid/41553

• 10.31.28 - CVE: Not Available
• Platform: Cross Platform
• Title: NuralStorm Webmail Multiple Security Issues
• Description: NuralStorm Webmail is a PHP-based e-mail client. The application is exposed to multiple security issues. Webmail version 0.985b is affected.
• Ref: http://www.securityfocus.com/bid/41559

• 10.31.29 - CVE: CVE-2010-1965
• Platform: Cross Platform
• Title: HP Insight Orchestration Unspecified Security Bypass Issue
• Description: HP Insight Orchestration is an extension to HP Insight Dynamics. The application is exposed to an unspecified security bypass issue that allows attackers to bypass security restrictions. HP Insight Orchestration versions prior to 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/41574

• 10.31.30 - CVE: CVE-2009-4404
• Platform: Cross Platform
• Title: t-prot "--max-lines" Option Denial of Service
• Description: t-prot (TOFU Protection) is an email filter. t-prot is exposed to a denial of service issue due to an unspecified error related to the "--max-lines" option. t-prot versions prior to 2.8 are affected.
• Ref: http://freshmeat.net/projects/t-prot/releases/309781

• 10.31.31 - CVE: CVE-2010-1870
• Platform: Cross Platform
• Title: XWork "ParameterInterceptor" Class OGNL Security Bypass
• Description: XWork is a command pattern framework used in Apache Struts 2 and other applications. XWork is exposed to a security bypass issue because it fails to adequately handle user-supplied input. Specifically, the application permits attackers to bypass protection mechanisms built into the "ParameterInterceptor" class with OGNL expressions.
• Ref: http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-0
  6-16

• 11.2.0.1. - CVE: CVE-2010-090010.2.0.4, and
• Platform: Cross Platform
• Title: Oracle Network Layer Remote Issue
• Description: Oracle Network Layer is exposed to an unspecified remote issue. The issue can be exploited over the "Oracle Net" protocol. The following supported versions are affected: 9.2.0.8, 10.1.0.5,
• Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul20
  10.html

• 10.31.33 - CVE: CVE-2010-2529
• Platform: Cross Platform
• Title: iputils "ping.c" Remote Denial of Service Issue
• Description: iputils is a set of small useful utilities for Linux networking. The application is affected by a remote denial of service issue in the "ping.c" file when responding to a malicious "echo" reply packet.
• Ref: http://www.securityfocus.com/bid/41911

• 10.31.34 - CVE: Not Available
• Platform: Cross Platform
• Title: libmikmod Multiple Buffer Overflow Vulnerabilities
• Description: The "libmikmod"module is a sound library used for playing audio files. The library is exposed to multiple security issues that attackers may exploit to cause heap-based buffer overflows.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=614643#c11

• 10.31.35 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM Java UTF8 Byte Sequences Security Bypass Issue
• Description: IBM Java is exposed to a security bypass issue because it fails to properly sanitize user-supplied input. Specifically, IBM Java skips illegal UTF8 byte sequences and does not replace them with "uFFFD". IBM Java SDK versions prior to 1.4.2 SR13-FP6, Java SE 5.0.0-SR12, and Java SE 6.0.0-SR9 are affected.
• Ref: http://www.securityfocus.com/bid/41918

• 10.31.36 - CVE: Not Available
• Platform: Cross Platform
• Title: Opera "opera:config" Security Bypass Issue
• Description: Opera is a web browser available for various operating systems. Opera is exposed to a security bypass issue because it fails to adequately restrict access through "iframe" scripts. Opera versions prior to 9.20 are affected.
• Ref: http://www.securityfocus.com/bid/41927

• 10.31.37 - CVE: CVE-2010-2755
• Platform: Cross Platform
• Title: Mozilla Firefox Plugin Parameter Reference Remote Code Execution
• Description: Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to a remote code execution issue. Specifically, memory holding properties of the plugin parameter array could be prematurely freed, allowing memory corruption. Firefox versions prior to 3.6.8 are affected.
• Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-48.html

• 10.31.38 - CVE: Not Available
• Platform: Cross Platform
• Title: Symantec Antivirus Corporate Ed. Alert Management Service Remote Privilege Escalation
• Description: Symantec Antivirus Corporate Edition is a security application. The Alert Management Service (AMS2) is used to manage and report alerts. The application is exposed to a remote privilege escalation issue that affects the Intel Alert Handler service "hndlrsvc.exe", a component of AMS2. Symantec Antivirus Corporate Edition versions 10.1.8.8000 and earlier are affected.
• Ref: http://www.foofus.net/~spider/code/AMS2_072610.txt

• 10.31.39 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple QuickTime "QuickTimeStreaming.qtx" Remote Stack Buffer Overflow
• Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a stack-based buffer overflow issue in the "QuickTimeStreaming.qtx" library when constructing a string to write to a debug log file. QuickTime version 7.6.6 (1671) for Windows is affected.
• Ref: http://www.securityfocus.com/bid/41962

• 10.31.40 - CVE: CVE-2010-1452
• Platform: Cross Platform
• Title: Apache HTTP Server Multiple Remote Denial of Service Issues
• Description: Apache HTTP Server is exposed to multiple denial of service issues. Specifically, these issues occur because the "mod_dav" and "mod_cache" modules fail to properly handle requests without a path segment. Apache versions prior to 2.2.16 are affected.
• Ref: http://www.securityfocus.com/bid/41963

• 10.31.41 - CVE: Not Available
• Platform: Cross Platform
• Title: sSMTP "standardize()" Buffer Overflow Issue
• Description: sSMTP is a simple MTA (Mail Transport Agent) application. sSMTP is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. sSMTP version 2.6.2 is affected.
• Ref: http://www.securityfocus.com/bid/41965

• 10.31.42 - CVE: Not Available
• Platform: Cross Platform
• Title: Media Player Classic ".m3u" File Remote Heap Buffer Overflow
• Description: Media Player Classic is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Media Player Classic version 1.3.1333.0 is affected.
• Ref: http://www.securityfocus.com/bid/41972

• 10.31.43 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Multiple Security Vulnerabilities
• Description: Google Chrome is a web browser for multiple platforms. The application is exposed to multiple issues. 1) An information disclosure issue in the layout code. 2) An unspecified security issue with large canvases. 3) A memory corruption issue in rendering code. 4) A memory corruption issue in SVG handling. 5) An unspecified security issue that occurs due to host name truncation and incorrect eliding. Chrome versions prior to 5.0.375.125 are affected.
• Ref: http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html

• 10.31.44 - CVE: CVE-2010-0126, CVE-2010-0133, CVE-2010-0134,CVE-2010-0135, CVE-2010-0131, CVE-2010-1524, CVE-2010-1525
• Platform: Cross Platform
• Title: Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
• Description: Autonomy KeyView Filter is a component used in multiple applications. It adds high-speed filtering, high-fidelity viewing, and exporting of documents to web-ready HTML or valid XML. The application is exposed to multiple memory corruption issues because it fails to adequately validate user-supplied data.
• Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fi
  d=security_advisory&pvid=security_advisory&year=2010&suid=20100727_0
  1

• 10.31.45 - CVE: Not Available
• Platform: Cross Platform
• Title: Wing FTP Server Denial of Service Vulnerability and Information Disclosure
• Description: Wing FTP Server is an FTP server application. The application is exposed to multiple remote issues. 1) A denial of service issue that exists in the SSH implementation can be exploited to cause the service to shutdown. 2) An information disclosure issue that may allow attackers to access files outside their own root directory. Wing FTP Server versions prior to 3.6.1 are affected.
• Ref: http://www.wftpserver.com/serverhistory.htm

• 10.31.46 - CVE: CVE-2010-2531, CVE-2010-2484
• Platform: Cross Platform
• Title: PHP Multiple Vulnerabilities
• Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple security issues. PHP versions Prior to 5.3.3 and 5.2.14 are affected.
• Ref: http://www.php.net/ChangeLog-5.php#5.3.3

• 10.31.47 - CVE: CVE-2010-1871
• Platform: Cross Platform
• Title: JBoss Seam Parameterized EL Expressions Remote Code Execution
• Description: JBoss Seam is a framework for developing web 2.0 applications. The application is exposed to a remote code execution issue because it fails to properly validate certain parameterized Expression Language (EL) expressions.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=615956

• 10.31.48 - CVE: CVE-2009-4038
• Platform: Web Application - Cross Site Scripting
• Title: Axon Virtual PBX "logon" Multiple Cross-Site Scripting Issues
• Description: Axon is a virtual IP PBX for Windows. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "onok" and the "oncancel" parameters of the "logon" program. Axon versions 2.10 and 2.11 are affected.
• Ref: http://www.securityfocus.com/bid/41894

• 10.31.49 - CVE: CVE-2009-4039
• Platform: Web Application - Cross Site Scripting
• Title: Piwigo "comments.php" Multiple Cross-Site Scripting Issues
• Description: Piwigo is a PHP-based online photo gallery. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "keyword" and the "author" parameters of the "comments.php" script when the "since" parameter is not set. Piwigo version 2.0.5 is affected.
• Ref: http://www.westpoint.ltd.uk/advisories/wp-09-0011.txt

• 10.31.50 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: CSSTidy "css_optimiser.php" Cross-Site Scripting
• Description: CSSTidy is an opensource CSS parser and optimizer. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "url" parameter of the "css_optimiser.php" script. CSSTidy version 1.3 and ImpressCMS version 1.2.1 is affected.
• Ref: http://www.securityfocus.com/bid/41552

• 10.31.51 - CVE: CVE-2010-1969
• Platform: Web Application - Cross Site Scripting
• Title: HP Virtual Connect Enterprise Manager Unspecified Cross-Site Scripting
• Description: HP Virtual Connect Enterprise Manager is a web-based IT service management application. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. HP Virtual Connect Enterprise Manager versions prior to 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/41579

• 10.31.52 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Diem Multiple Cross-Site Scripting Issues
• Description: Diem is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Diem version 5.1.2 is affected.
• Ref: http://www.securityfocus.com/bid/41587

• 10.31.53 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: PacketFence "Login.php" Cross-Site Scripting
• Description: PacketFence is a Network Access control (NAC) application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "username" field of the "Login.php" script. PacketFence versions prior to 1.8.7 are affected.
• Ref: http://www.securityfocus.com/bid/41590

• 10.31.54 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: SAP NetWeaver System Landscape Directory Multiple Cross-Site Scripting Vulnerabilities
• Description: SAP NetWeaver is an integration platform for enterprise applications. The System Landscape Directory of SAP NetWeaver is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. NetWeaver versions 6.4 through 7.02 are affected.
• Ref: http://www.securityfocus.com/archive/1/512585

• 10.31.55 - CVE: CVE-2009-4464
• Platform: Web Application - Cross Site Scripting
• Title: Active Business Directory "searchadvance.asp" Cross-Site Scripting
• Description: Active Business Directory is a web-based business directory software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "search" parameter of the "searchadvance.asp" script. Active Business Directory version 2 is affected.
• Ref: http://activewebsoftwares.com/P37_ActiveBusinessDirectory.aspx

• 10.31.56 - CVE: CVE-2010-2854
• Platform: Web Application - Cross Site Scripting
• Title: Event Horizon "modfile.php" Multiple Cross-Site Scripting Issues
• Description: Event Horizon is a PHP-based application which facilitates the secure transfer of files. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Event Horizon version 1.1.10 is affected.
• Ref: http://freshmeat.net/projects/eventh/releases/319413

• 10.31.57 - CVE: CVE-2009-4037, CVE-2009-4045
• Platform: Web Application - SQL Injection
• Title: FrontAccounting Multiple SQL Injection Vulnerabilities
• Description: FrontAccounting is web-based accounting software. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. FrontAccounting versions prior to 2.1.7 and 2.2 RC are affected.
• Ref: http://frontaccounting.com/wb3/pages/posts/release-2.2-rc104.php

• 10.31.58 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: xbtit "index.php" SQL Injection
• Description: xbtit is a tracking system for BitTorrent. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "order" parameter of the "index.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/39074

• 10.31.59 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: MyKazaam Address & Contact Organizer "contacts.php" SQL Injection
• Description: MyKazaam Address & Contact Organizer is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "var1" parameter of the "address_book/contacts.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41545

• 10.31.60 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Drumbeat CMS "index02.php" SQL Injection
• Description: The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index02.php" script before using it in an SQL query. Drumbeat CMS version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/41582

• 10.31.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: PhotoPost PHP "index.php" SQL Injection Issue
• Description: PhotoPost PHP is a web-based photo gallery. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "photopost/index.php" script before using it in an SQL query. PhotoPost PHP version 4.0 through 4.6 are affected.
• Ref: http://www.securityfocus.com/bid/41916

• 10.31.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Freeway "ecPath" Parameter SQL Injection Issue
• Description: Freeway is an open-source ecommerce application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ecPath" parameter of the "index.php" script before using it in an SQL query. Freeway version 1.4.3.210 is affected.
• Ref: http://www.securityfocus.com/bid/41960

• 10.31.63 - CVE: CVE-2009-4050
• Platform: Web Application
• Title: phpMyBackupPro "get_file.php" Directory Traversal Issue
• Description: phpMyBackupPro is a web-based MySQL backup application implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "view" parameter of the "get_file.php" script before using it to read files. phpMyBackupPro version 2.1 is affected.
• Ref: http://www.securityfocus.com/bid/41863/references

• 10.31.64 - CVE: Not Available
• Platform: Web Application
• Title: RapidLeech Arbitrary File Upload
• Description: RapidLeech is a PHP-based server transfer script. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately validate file extensions and content types before uploading them onto the web server.
• Ref: http://www.securityfocus.com/bid/41838

• 10.31.65 - CVE: Not Available
• Platform: Web Application
• Title: vBulletin FAQ Unspecified Security Issue
• Description: vBulletin is a web-based forum application. vBulletin is exposed to an unspecified remote security issue that is related to the FAQ. vBulletin version 3.8.6 is affected.
• Ref: http://www.securityfocus.com/archive/1/512575

• 10.31.66 - CVE: Not Available
• Platform: Web Application
• Title: Kide Shoutbox Remote File Include and HTML Injection Vulnerabilities
• Description: Kide Shoutbox is a PHP-based content manager. The application is exposed to multiple input validation issues. 1) A remote file include issue that affects the "sPath" parameter of the "/include/prodler.class.php" script. 2) An HTML injection issue that affects the "shoutbox" field. Kide Shoutbox version 0.4.6 is affected.
• Ref: http://www.securityfocus.com/bid/41879

• 10.31.67 - CVE: Not Available
• Platform: Web Application
• Title: SAPID Shop "get_tree.inc.php" Remote File Include Issue
• Description: SAPID Shop is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "root_path" parameter of the "/usr/extensions/get_tree.inc.php" script. SAPID Shop version 1.3 and prior versions are affected.
• Ref: http://www.securityfocus.com/bid/41900

• 10.31.68 - CVE: Not Available
• Platform: Web Application
• Title: CMS Made Simple Download Manager Module Arbitrary File Upload
• Description: Download Manager is a module for the CMS Made Simple content manager. The Download Manager module is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input before uploading it onto the web server. Download Manager version 1.4.1 is affected.
• Ref: http://www.securityfocus.com/bid/41564

• 10.31.69 - CVE: Not Available
• Platform: Web Application
• Title: AJ Article Multiple HTML Injection Issues
• Description: AJ Article is a knowledge base system. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to an unspecified parameter in the profile section and the "title" parameter in the article submission section. AJ Article version 3.0 is affected.
• Ref: http://www.securityfocus.com/bid/41576

• 10.31.70 - CVE: Not Available
• Platform: Web Application
• Title: LILDBI "uploader.php" Remote File Upload Issue
• Description: LILDBI is a PHP-based content manager that follows the LILACS database. The application is exposed to a remote file upload issue. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files to the "e/admin/uploader.php" script. LILDBI version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/41909

• 10.31.71 - CVE: Not Available
• Platform: Web Application
• Title: Open-Realty "title" Parameter HTML Injection
• Description: Open-Realty is a web-based real estate listing management application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "title" parameter before using it in dynamically generated content.
• Ref: http://www.securityfocus.com/bid/41947

• 10.31.72 - CVE: Not Available
• Platform: Web Application
• Title: SyndeoCMS Multiple HTML Injection Vulnerabilities
• Description: SyndeoCMS is a PHP-based content manager. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. SyndeoCMS version 2.9.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/512660

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.