
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 32
August 5, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                Number of Updates and Vulnerabilities
    --------------------------------------  -------------------------------------
    Windows                                 1
    Third Party Windows Apps                11
    Linux                                   2
    Unix                                    1
    Novell                                  1
    Cross Platform                          31 (#1,#2,#3)
    Web Application - Cross Site Scripting  17
    Web Application - SQL Injection         26
    Web Application                         34
    Network Device                          2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability
  • Affected:
    • Adobe Reader 9.3.3 and prior
    • Adobe Acrobat 9.3.3 and prior
    • Adobe Reader 8.2.3 and prior
    • Acrobat 8.2.3 and prior
  • Description: Adobe Acrobat and Reader are susceptible to an integer overflow error. By enticing the user to download and view a malicious PDF, an attacker can exploit this vulnerability to execute arbitrary code. The flaw lies in Reader's code for parsing TrueType fonts.

  • Status: vendor not confirmed, updates not available

  • References:
  • (2) HIGH: Apple iOS Security Bypass and PDF File Processing Vulnerability
  • Affected:
    • iOS versions 4.0.1 and prior
  • Description: Apple iPhone's iOS is susceptible to vulnerabilities that allow the execution of arbitrary code with escalated privileges. The first vulnerability is due to an error in the way iOS loads certain fonts within PDF files. The second vulnerability, which exists in the kernel, allows for privilege escalation. By enticing the target to download and view the file, an attacker can exploit these vulnerabilities to inject code to be run with privileges sufficient to jailbreak the iPhone; in fact, these particular vulnerabilities have already been used for that purpose. Apple is aware of the issue and is reportedly prepared to release a patch for the vulnerability, which could easily be used maliciously.

  • Status: vendor confirmed, updates not available

  • References:
  • (3) HIGH: Apple Webkit SVG Multiple Vulnerabilities
  • Affected:
    • Apple Safari prior to 5.0.1
    • Apple Safari prior to 4.1.1
  • Description: Apple WebKit is a browser engine used in popular web browsers, including Apple Safari and Google Chrome. Apple has recently patched two code-execution vulnerabilities in WebKit. The first vulnerability is related to WebKit's handling of the CSS first-letter style. Under certain circumstances, the application of this style can lead to memory corruption and code execution. The second vulnerability is related to WebKit's handling of a particular SVG tag, which, under certain circumstances, can lead to memory corruption and code execution. Other memory corruption vulnerabilities exist due to WebKit's handling of element focus, inline elements, dynamic modifications to text nodes, floating elements in SVG documents, 'use' and 'font-face' elements in SVG documents, JavaScript string objects, just-in-time compiled JavaScript stubs, JavaScript arrays, and regular expressions.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 32, 2010

Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9795 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.32.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft DirectX DirectPlay Multiple Denial Of Service Issue
  • Description: Microsoft DirectX is a multimedia API for Microsoft Windows. DirectPlay is a component of DirectX that provides a network protocol designed for multi-player computer games. The DirectPlay component of DirectX is exposed to multiple denial of service issues. Specifically, the issue occurs when handling certain crafted packets.
  • Ref: http://www.securityfocus.com/bid/41794

  • 10.32.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Haihaisoft PDF Reader ActiveX Control "URL()" Method Buffer Overflow
  • Description: Haihaisoft PDF Reader is an application for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Haihaisoft PDF Reader version 1.1.2.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.32.3 - CVE: CVE-2009-3837
  • Platform: Third Party Windows Apps
  • Title: Eureka Email "ERR" Remote Stack Buffer Overflow Issue
  • Description: Eureka Email is an email client for Microsoft Windows. The client is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on server supplied data. Specifically, when the application handles a specially crafted error message, a stack overflow can occur. Eureka Email version 2.2q is affected.
  • Ref: http://www.securityfocus.com/bid/41812

  • 10.32.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xenorate Media Player ".xpl" File Stack Buffer Overflow
  • Description: Xenorate is a multimedia player for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when opening specially crafted ".xpl" files. Xenorate Media Player version 2.50.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41815

  • 10.32.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: QQ Player Multiple Buffer Overflow Issue
  • Description: QQ Player is a media player available for Microsoft Windows. The application is exposed to multiple buffer overflow issues because it fails to perform adequate checks on user supplied input. QQ Player version 2.3.696.400 is affected.
  • Ref: http://www.securityfocus.com/bid/41836

  • 10.32.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mthree Development MP3 to WAV Decoder ".mp3" File Remote Buffer Overflow Issue
  • Description: MP3 to WAV Decoder is a media decoder for the Windows operating system. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/41912

  • 10.32.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xion Audio Player ".m3u" File Buffer Overflow
  • Description: Xion Audio Player is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Xion Audio Player version 1.0 build 121 is affected.
  • Ref: http://www.securityfocus.com/bid/41931

  • 10.32.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SMRKsoft Remote Files Insecure Default Directory Permissions Privilege Escalation
  • Description: SMRKsoft Remote Files is a web server for Microsoft Windows. The application is exposed to a local privilege escalation issue because it sets default permissions on the installation directory in an insecure manner. Remote Files Server Edition 2.4.2 and My Remote Files 2.4.2 are vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/41971

  • 10.32.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow
  • Description: GetMySystem BarCodeWiz is an ActiveX control for creating barcodes. BarCodeWiz ActiveX control is exposed to a buffer overflow issue because it fails to sufficiently bounds check user-supplied input before copying it to an insufficiently sized memory buffer. BarCodeWiz version 3.29 is affected.
  • Ref: http://www.securityfocus.com/bid/42097

  • 10.32.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TurboFTP Directory Traversal Issue
  • Description: TurboFTP is an FTP client program for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied input. Specifically, this issue can be exploited by enticing an unsuspecting user into downloading a directory that contains specially crafted files from a malicious FTP server. TurboFTP version 6.30.810 is affected.
  • Ref: http://www.securityfocus.com/bid/42118

  • 10.32.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 32bit FTP Client Directory Traversal
  • Description: 32bit FTP Client is an FTP client program for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied input. 32bit FTP Client version 10.08.01 is affected.
  • Ref: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_32bit_ftp_client.html

  • 10.32.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Citrix XenApp Online Plug-in ActiveX Control Remote Code Execution
  • Description: Citrix XenApp is an access-control application for Citrix desktops. Citrix XenApp Online Plug-in is exposed to a remote code execution issue that affects the ICA Client ActiveX Object component. Citrix XenApp Online Plug-in versions prior to 12.0.3 are affected.
  • Ref: http://support.citrix.com/article/CTX125976

  • 10.32.13 - CVE: CVE-2010-0833
  • Platform: Linux
  • Title: Likewise Open "pam_lsass" Library Local Security Bypass
  • Description: Likewise Open is an authentication solution for Unix and Linux operating systems. Likewise Open is exposed to a local security bypass issue because the "pam_lsass" library, when running with root privileges, allows any user to log on as an lsassd local provider account if the account's password is marked as expired.
  • Ref: http://www.securityfocus.com/archive/1/512643

  • 10.32.14 - CVE: CVE-2010-1507
  • Platform: Linux
  • Title: SUSE YaST WebYaST Appliance Pre-Installed Image Default Secret Key Security Bypass
  • Description: WebYaST is a web-based remote console for controlling and setting up an appliance. WebYaST is exposed to a remote security bypass issue because it generates a secret key that is used in creating session cookies after package installation. Appliances preloaded with the application all use the same secret key. WebYaST versions on appliances preloaded with SLE 11 are affected.
  • Ref: http://www.securityfocus.com/bid/42128

  • 10.32.15 - CVE: CVE-2010-2791
  • Platform: Unix
  • Title: Apache "mod_proxy_http" 2.2.9 for Unix Timeout Handling Information Disclosure
  • Description: Apache is an HTTP web server available for multiple operating platforms. The "mod_proxy_http" module provides functionality used for proxying HTTP requests. The Apache server is exposed to an information disclosure issue. Specifically, the "mod_proxy_http" module does not properly handle timeout conditions. Apache version 2.2.9 on Unix is affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3243

  • 10.32.16 - CVE: Not Available
  • Platform: Novell
  • Title: Wi-Fi Protected Access 2 (WPA2) Access Point Spoofing
  • Description: Wi-Fi Protected Access 2 (WPA2) Encryption Standard is a security technology for wireless networking. WPA2 is exposed to an issue that allows an attacker to spoof the MAC address of the Access Point and impersonate the gateway for sending out traffic. The problem occurs because a client can generate arbitrary broadcast packets which other clients will respond to.
  • Ref: http://www.airtightnetworks.com/WPA2-Hole196

  • 10.32.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AjaXplorer "cross-repository-copy" Feature Security Bypass issue
  • Description: AjaXplorer is a remote file management application. AjaXplorer is exposed to a security bypass issue. This issue is due to an access validation error within the "cross-repository-copy" feature. AjaXplorer versions prior to 2.5.4 are affected.
  • Ref: http://www.securityfocus.com/bid/42003

  • 10.32.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: (Really) Simple IM Denial Of Service issue
  • Description: (Really) Simple IM is an instant messaging application. The application is exposed to a denial of service issue. Specifically, this issue occurs when an overly large string is sent to the application. (Really) Simple IM version 1.3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/41763

  • 10.32.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM FileNet Content Manager "InheritParentPermissions" Flag Security Bypass
  • Description: IBM FileNet Content Manager is a web-based content manager for the FileNet P8 platform. The application is exposed to a security bypass issue that may occur when folder security inheritance is disabled. IBM FileNet P8 Content Manager versions 4.0.0, 4.0.1, 4.5.0, and 4.5.1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21441225

  • 10.32.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: gif2png Remote Buffer Overflow Issue
  • Description: gif2png is an application for converting image files from GIF to PNG format. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs because the application fails to properly handle overly long file names. gif2png version 2.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41801

  • 10.32.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VideoCache "vccleaner" Utility Local Arbitrary File Overwrite
  • Description: VideoCache is a Squid URL rewriter plugin written in Python. VideoCache is exposed to a security issue that may allow attackers to overwrite arbitrary data. This issue occurs because the "vccleaner" utility runs with root privileges, allowing users to overwrite arbitrary files on the affected server. VideoCache version 1.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41813

  • 10.32.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel Math Kernel Library Insecure File Permissions issue
  • Description: Intel Math Kernel Library is a library that provides math routines. The library is exposed to a security issue because it sets insecure file permissions. Intel Math Kernel Library versions prior to 10.2 are affected.
  • Ref: http://www.securityfocus.com/bid/41832

  • 10.32.23 - CVE: CVE-2010-1577
  • Platform: Cross Platform
  • Title: Cisco CDS Internet Streamer Web Server Directory Traversal
  • Description: The Cisco CDS Internet Streamer web server component is a part of the Cisco Content Delivery System for streaming media. Cisco CDS Internet Streamer is exposed to a directory traversal issue. Cisco Content Delivery System versions prior to 2.5.7 are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml

  • 10.32.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EasyMail Objects "SubmitToExpress()" Method Remote Stack Buffer Overflow
  • Description: EasyMail Objects is an application that provides email sending/receiving for ActiveX applications. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. EasyMail Objects "emsmtp.dll" version 6.0.2.0 is affected. Spam Inspector version 4.0.354 is affected.
  • Ref: http://www.securityfocus.com/bid/41887

  • 10.32.25 - CVE: CVE-2009-4849, CVE-2009-4848, CVE-2009-4842
  • Platform: Cross Platform
  • Title: ToutVirtual VirtualIQ Pro Multiple Security Vulnerabilities
  • Description: ToutVirtual VirtualIQ Pro is a tool for managing virtual platforms. The application is exposed to multiple security issues. VirtualIQ Pro versions 3.5 build 8691 and 3.2 build 7882 are affected.
  • Ref: http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

  • 10.32.26 - CVE: CVE-2010-2474
  • Platform: Cross Platform
  • Title: JBoss ESB Domain Validation Remote Privilege Escalation Issue
  • Description: JBoss ESB is a tool to integrate Enterprise level applications and data. The application is exposed to a remote privilege escalation issue because it fails to properly validate the security context in authentication requests.
  • Ref: http://www.securityfocus.com/bid/41915

  • 10.32.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mandos Client Password Information Disclosure
  • Description: Mandos is a system used to remotely reboot servers with encrypted root file systems. Mandos is exposed to an information disclosure issue that occurs because the "update-initramfs hook" script insecurely adds the "/etc/mandos/clients.conf" file and several other configuration files to "initrd". Mandos version 1.0.12-1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551907

  • 10.32.28 - CVE: CVE-2009-4095
  • Platform: Cross Platform
  • Title: myPhile Empty Password Authentication Bypass
  • Description: myPhile is an application that provides front end functionality for MySQL tables. The application is exposed to an authentication bypass issue that allows attackers to gain access by supplying a valid username and an empty password. myPhile version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41926

  • 10.32.29 - CVE: CVE-2010-2547
  • Platform: Cross Platform
  • Title: GnuPG "GPGSM Tool" Certificate Importing Remote Code Execution
  • Description: GnuPG is a key management system. The "GPGSM tool" of GnuPG is for processing S/MIME messages and for managing X.509 certificates. The application is exposed to a remote code execution issue due to a use-after-free error within the "GPGSM tool". GnuPG 2.x versions prior to and including 2.0.16 are affected.
  • Ref: http://www.securityfocus.com/bid/41945

  • 10.32.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libmspack Multiple Remote Denial of Service Issues
  • Description: libmspack is a library for the compression and decompression of various Microsoft file formats. libmspack is exposed to multiple remote denial of service issues. libmspack version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41967

  • 10.32.31 - CVE: CVE-2010-2785
  • Platform: Cross Platform
  • Title: KVIrc "\r" Carriage Return in DCC Handshake Remote Command Execution
  • Description: KVIrc is an IRC client available for various operating systems. KVIrc is exposed to a remote command execution issue because it fails to sufficiently sanitize user-supplied input when handling Direct Client to Client handshakes. Specifically, the "\r" carriage return character can be injected into Client To Client Protocol requests to hijack an IRC connection and execute arbitrary IRC commands. KVIrc version 4.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/42026/references

  • - CVE: CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1780, CVE-2010-1785, CVE-2010-1784, CVE-2010-1787, CVE-2010-1783,
  • Platform: Cross Platform
  • Title: WebKit multiple issues
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to multiple issues. A remote memory corruption issue occurs when handling "use" elements in SVG documents. A remote heap-based buffer overflow issue occurs because the application fails to perform adequate boundary checks on user-supplied data. A remote code execution issue exists due to a reentrancy issue when handling "just-in-time" compiled JavaScript stubs. A remote memory corruption issue occurs when handling regular expressions. Apple Safari versions 5.0.1 and 4.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/42042/info

  • 10.32.33 - CVE: CVE-2009-4519
  • Platform: Cross Platform
  • Title: Ortro Multiple Unspecified Vulnerabilities
  • Description: Ortro is a framework for enterprise scheduling and monitoring. The application is exposed to multiple unspecified issues. Ortro versions prior to 1.3.4 are affected.
  • Ref: http://dev.ortro.net/news/8

  • 10.32.34 - CVE: CVE-2009-4535
  • Platform: Cross Platform
  • Title: Mongoose Slash Character Remote File Disclosure Issue
  • Description: Mongoose is an HTTP server. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input. Mongoose version 2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/42051

  • 10.32.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WM Downloader ".m3u" File Buffer Overflow
  • Description: WM Downloader is a file download management application. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. WM Downloader version 3.1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/42055

  • 10.32.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: UnrealIRCd User Authentication Buffer Overflow Issue
  • Description: UnrealIRCd is an Internet Relay Chat server. UnrealIRCd is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs in the code responsible for handling user authentication.
  • Ref: http://www.securityfocus.com/bid/42077

  • 10.32.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Directory Server "DIGEST-MD5" Denial of Service
  • Description: IBM Tivoli Directory Server is an LDAP-based identity management application. The application is exposed to a denial of service issue because it fails to properly handle DIGEST-MD5 authentication requests. IBM Tivoli Directory Server version 6.0.0.8 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399

  • 10.32.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JP1/Cm2/Network Node Manager Remote Code Execution and Denial of Service
  • Description: JP1/Cm2/Network Node Manager is exposed to multiple remote code execution and denial of service issues.
  • Ref: http://www.securityfocus.com/bid/42101

  • 10.32.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi HiRDB Unspecified Denial of Service
  • Description: Hitachi HiRDB is a relational database. HiRDB is exposed to an unspecified denial of service issue because it fails to properly handle unexpected data. Successful exploits may allow attackers to cause the service to stop, effectively denying further service to legitimate users.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-014/index.html

  • 10.32.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Akamai Download Manager Arbitrary File Download Issue
  • Description: The Akamai Download Manager ActiveX control is a web-based file downloader. Akamai Download Manager is exposed to an issue that occurs because it fails to properly handle file downloads. Akamai Download Manager version 2.2.4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/42104


  • 10.32.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VxWorks Multiple Security Issues
  • Description: VxWorks is a real-time operating system. VxWorks is exposed to security bypass issues. The issues affect multiple products from multiple vendors that ship with the VxWorks operating system.
  • Ref: http://www.securityfocus.com/bid/42114

  • 10.32.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: cabextract MS-ZIP and Quantum Decompressed ".cab" File Denial of Service
  • Description: cabextract is a utility for extracting Microsoft cabinet file archives. cabextract is exposed to a denial of service issue because it fails to properly handle zero-byte ".cab" files. Specifically, the application's MS-ZIP and Quantum decompressors do not properly process specially crafted archives, triggering an infinite loop. cabextract versions prior to 1.3 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3252

  • 10.32.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avast! Internet Security "aswFW.sys" Driver IOCTL Handling Local Denial of Service
  • Description: Avast! Internet Security is an application that provides protection from different types of attacks. Avast! Internet Security is exposed to a local denial of service issue because the "aswFW.sys" driver fails to properly handle input via the 0x829C0964 (IOCTL_ASWFW_COMM_PIDINFO_RESULTS) IOCTL call. Specifically, when a large integer value is provided in the first 4 bytes of the IOCTL request, memory corruption occurs. Avast! Internet Security version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/42148/references

  • 10.32.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Online Plug-In and ICA Client Unspecified Remote Code Execution Issue
  • Description: Citrix Online Plug-In and ICA Client provide users with access to Citrix products like XenApp and XenDesktop servers. The applications are exposed to an unspecified remote code execution issue. This issue results in arbitrary code execution when a user connects to a malicious server through the ICA protocol, either by launching a ".ICA" file or by using an ICA client browser plug-in. The following products are affected: Citrix Online Plug-in for XenApp & XenDesktop for Windows prior to version 11.2; Citrix Online Plug-in for XenApp & XenDesktop for Mac prior to version 11.0; Citrix ICA Client for Linux (x86 and ARM) prior to version 11.100; Citrix ICA Client for Solaris (x86 and Sparc) prior to version 8.63; Citrix Receiver for Windows Mobile prior to version 11.5.
  • Ref: http://support.citrix.com/article/CTX125975

  • 10.32.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iOS Multiple Vulnerabilities
  • Description: Apple iOS is an operating platform for iPhone and iPod touch. iPhone is a mobile phone that runs on the ARM architecture. Apple iPod touch is a portable music player. Apple iOS is exposed to multiple issues. A code execution issue affects iOS when handling specially crafted PDF files. A privilege escalation issue affects the iOS kernel because of an unspecified error. iOS versions 4.0.1 and earlier are affected.
  • Ref: http://www.apple.com/iphone/softwareupdate/

  • 10.32.47 - CVE: CVE-2010-2709
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Remote Code Execution
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. The application is exposed to an unspecified remote code execution issue. OpenView Network Node Manager versions 7.51 and 7.53 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512822

  • 10.32.48 - CVE: CVE-2009-4403
  • Platform: Web Application - Cross Site Scripting
  • Title: Rumba XML "index.php" Cross-Site Scripting Issue
  • Description: Rumba XML is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified variable of the "index.php" script. Rumba XML version 1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/41751

  • 10.32.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Xinha "mode" Parameter Cross-Site Scripting Issue
  • Description: Xinha is an HTML editor component. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Xinha version 0.96.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41767

  • 10.32.50 - CVE: CVE-2009-4348
  • Platform: Web Application - Cross Site Scripting
  • Title: HB-NS "topic" Parameter Cross-Site Scripting
  • Description: HB-NS (Harold Bakker's NewsScript) is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "topic" parameter of the "index.php" script when "action" is set to "topic". HB-NS version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41785

  • 10.32.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ScriptsEz Ez FAQ Maker Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
  • Description: ScriptsEz Ez FAQ Maker is a PHP-based web application. The application is exposed to multiple security issues. Ez FAQ Maker version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41806

  • 10.32.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: daloRADIUS "login.php" Cross-Site Scripting Issue
  • Description: daloRADIUS is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "error" parameter of the "daloradius-users/login.php" script.
  • Ref: http://www.securityfocus.com/bid/41807

  • 10.32.53 - CVE: CVE-2009-4234
  • Platform: Web Application - Cross Site Scripting
  • Title: Micronet Network Access Controller SP1910 "error_user.shtml" Cross-Site Scripting
  • Description: Micronet Network Access Controller SP1910 is a device for managing wired and wireless networks. The device is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "msg" parameter of the "loginpages/error_user.shtml" script.
  • Ref: http://www.securityfocus.com/bid/41821

  • 10.32.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AssetsSoSimple "supplier_admin.php" Cross-Site Scripting
  • Description: AssetsSoSimple is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "supplier" parameter of the "supplier_admin.php" script. AssetsSoSimple version 0.33 is affected.
  • Ref: http://www.securityfocus.com/bid/41864

  • 10.32.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Claus Muus Spitfire Multiple Cross-Site Scripting Vulnerabilities
  • Description: Claus Muus Spitfire is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Claus Muus Spitfire version 1.0.336 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_spitfire_2.html

  • 10.32.56 - CVE: CVE-2009-3856
  • Platform: Web Application - Cross Site Scripting
  • Title: Stratek Web Design Twilight CMS "calendar" Cross-Site Scripting
  • Description: Twilight CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "calendar" parameter of the "news/" script.
  • Ref: http://onsec.ru/vuln?id=10

  • 10.32.57 - CVE: CVE-2009-4853
  • Platform: Web Application - Cross Site Scripting
  • Title: JumpBox for the Foswiki Wiki System Multiple Cross-Site Scripting Issues
  • Description: JumpBox is a tool for virtualization and cloud computing. JumpBox for the Foswiki Wiki System is exposed to multiple unspecified cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. JumpBox for the Foswiki Wiki System versions 1.1.1 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/41896

  • 10.32.58 - CVE: CVE-2010-2536
  • Platform: Web Application - Cross Site Scripting
  • Title: rekonq Error Page Cross-Site Scripting
  • Description: rekonq is a web browser for the KDE desktop environment. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Specifically, this issue occurs through the error page when a domain cannot be resolved. rekonq version 0.3.90 is affected.
  • Ref: https://bugs.kde.org/show_bug.cgi?id=217464

  • 10.32.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Omnistar Drive "index.php" Cross-Site Scripting Issue
  • Description: Omnistar Drive is web-based document management software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "interface" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/41920

  • 10.32.60 - CVE: CVE-2010-1969
  • Platform: Web Application - Cross Site Scripting
  • Title: Nessus Web Server Plugin Unspecified Cross-Site Scripting
  • Description: Nessus Web Server is a plugin for the Nessus security monitoring application. The plugin, "nessusd_www_server.nbin", is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Nessus Web Server versions prior to 1.2.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512645

  • 10.32.61 - CVE: CVE-2009-3901
  • Platform: Web Application - Cross Site Scripting
  • Title: e-Courier CMS "UserGUID" Parameter Multiple Cross-Site Scripting Issues
  • Description: e-Courier CMS is a web-based courier management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "UserGUID" parameter of "home/index.asp" and other unspecified scripts.
  • Ref: http://www.securityfocus.com/bid/41970

  • 10.32.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SPIP "var_login" Parameter Cross-Site Scripting Issue
  • Description: SPIP is a website publishing application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "var_login" parameter in the "prive/informer_auteur_fonctions.php" script. SPIP version 2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/42060

  • 10.32.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sourcefabric Campsite Multiple Cross-Site Scripting Issues
  • Description: Sourcefabric Campsite is a PHP-based content management system. The application is prone to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Sourcefabric Campsite version 3.3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/42107

  • 10.32.64 - CVE: CVE-2009-2897, CVE-2009-2898
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple SpringSource Products HTML Injection and Multiple Cross-Site Scripting Vulnerabilities
  • Description: SpringSource Hyperic HQ, tc Server, and Application Management Suite (AMS) are infrastructure management applications. The applications are exposed to multiple issues because they fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.springsource.com/security/cve-2009-2898

  • 10.32.65 - CVE: CVE-2009-3974
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board Multiple SQL Injection
  • Description: Invision Power Board is a web-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Invision Power Board versions 3.0.0 through 3.0.2 are affected.
  • Ref: http://www.securityfocus.com/bid/42005

  • 10.32.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SoftClones Marketing Management System "admin/login.aspx" Multiple SQL Injection Issues
  • Description: Preprojects SoftClones Marketing Management System is a web application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "ctl00$ContentPlaceHolder1$txtuname" and "ctl00$ContentPlaceHolder1$txtpass" POST parameters of the "admin/login.aspx" script.
  • Ref: http://www.securityfocus.com/bid/41774

  • 10.32.67 - CVE: CVE-2009-4351
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media WSCreator "loginaction.php" SQL Injection Issue
  • Description: NetArt Media WSCreator is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "Email" field of the "ADMIN/loginaction.php" script when logging in to the affected application. WSCreator 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41784

  • 10.32.68 - CVE: CVE-2009-2365
  • Platform: Web Application - SQL Injection
  • Title: GalleryPal FE "login.asp" SQL Injection
  • Description: GalleryPal FE is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "password" field of the "login.asp" script when logging in to the affected application. GalleryPal FE version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41788

  • 10.32.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ClickTrackerASP "sitedetails.asp" SQL Injection Issue
  • Description: ClickTrackerASP is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "siteid" parameter of the "portfolio/sitedetails.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41790

  • 10.32.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SnowFlake CMS "uid" Parameter SQL Injection
  • Description: SnowFlake CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter in the "page.php" script before using it in an SQL query. SnowFlake CMS version 1.0 beta5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41791

  • 10.32.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Linkster "CID" Parameter SQL Injection
  • Description: Linkster is a link indexing script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CID" parameter in the "linkster.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41793

  • 10.32.72 - CVE: CVE-2009-2614
  • Platform: Web Application - SQL Injection
  • Title: DataCheck Solutions LinkPal "z_admin_login.asp" SQL Injection
  • Description: DataCheck Solutions LinkPal is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" field of the "z_admin_login.asp" script.
  • Ref: http://www.securityfocus.com/bid/41809

  • 10.32.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cnr Hikaye Scripti "hikaye.asp" SQL Injection
  • Description: Cnr Hikaye Scripti is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in the "hikaye.asp" script before using it in an SQL query. Cnr Hikaye Scripti version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41810

  • 10.32.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mayasan Portal "haberdetay.asp" SQL Injection Issue
  • Description: Mayasan Portal is an ASP-based web portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in the "makaledetay.asp" script before using it in an SQL query. Mayasan Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41817

  • 10.32.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mayasan Portal "haberdetay.asp" SQL Injection Issue
  • Description: Mayasan Portal is an ASP-based web portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in the "haberdetay.asp" script before using it in an SQL query. Mayasan Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41823

  • 10.32.76 - CVE: CVE-2009-4155
  • Platform: Web Application - SQL Injection
  • Title: Eshopbuilde CMS Multiple SQL Injection Vulnerabilities
  • Description: Eshopbuilde CMS is a content manager implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/41835

  • 10.32.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Imagine-cms "index.php" SQL Injection
  • Description: Imagine-cms is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idnews" parameter of the "index.php" script before using it in an SQL query. Imagine-cms version 2.50 is affected.
  • Ref: http://www.securityfocus.com/bid/41837

  • 10.32.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: myLinksDump Widget for Wordpress "url" Parameter SQL Injection
  • Description: myLinksDump is a widget for Wordpress. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "url" parameter of the "myLDlinker.php" script before using it in an SQL query. Silvercover myLinksDump version 2.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41898

  • 10.32.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlefMentor "cource.php" SQL Injection
  • Description: AlefMentor is a PHP-based learning management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "courc_id" parameter of the "cource.php" script before using it in an SQL query. AlefMentor version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41903

  • 10.32.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZeeAdbox "bannerclick.php" SQL Injection Issue
  • Description: ZeeAdbox is a PHP-based banner management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bnnnerid" parameter of the "bannerclick.php" script before using it in an SQL query. ZeeAdbox version v2x is affected.
  • Ref: http://www.securityfocus.com/bid/41907

  • 10.32.81 - CVE: CVE-2009-4767
  • Platform: Web Application - SQL Injection
  • Title: Plohni Shoutbox "index.php" Multiple HTML Injection Issue
  • Description: Plohni Shoutbox is a PHP-based commenting tool. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "input_name" and "input_text" parameters of the "index.php" script before using it in dynamically generated content. Plohni Shoutbox version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41922

  • 10.32.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS Ignition "shopMGID" Parameter SQL Injection
  • Description: CMS Ignition is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "shopMGID" parameter of the "shop.htm" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41934

  • 10.32.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BALlettin Forum Multiple SQL Injection Vulnerabilities
  • Description: BALlettin Forum is a PHP-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "mesajid" parameter in the "alinti.php" script and to the "ballettin" cookie parameter.
  • Ref: http://www.securityfocus.com/bid/41935

  • 10.32.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WhiteBoard "controlpanel.php" Multiple SQL Injection Issue
  • Description: WhiteBoard is a PHP-based discussion board application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Display Name" and "E-mail" parameters of the "controlpanel.php" script. WhiteBoard version 0.1.30 is affected.
  • Ref: http://www.securityfocus.com/bid/41936

  • 10.32.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XAOS CMS "m" Parameter SQL Injection
  • Description: XAOS CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "m" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41937

  • 10.32.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AKY Blog "default.asp" SQL Injection Issue
  • Description: AKY Blog is an ASP-based blogging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter in the "default.asp" script.
  • Ref: http://www.securityfocus.com/bid/41941

  • 10.32.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhotoPost "ecard.php" SQL Injection Issue
  • Description: PhotoPost is a web-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ecard" parameter of the "ecard.php" script before using it in an SQL query. PhotoPost version 4.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41943

  • 10.32.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eoCMS "Page Divide" Function Multiple SQL Injection Issues
  • Description: eoCMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "page divide" function of the "viewboard" and "viewtopic" modules. eoCMS version 0.9.02 is affected.
  • Ref: http://www.securityfocus.com/bid/41999

  • 10.32.89 - CVE: CVE-2009-4386
  • Platform: Web Application - SQL Injection
  • Title: Venalsur Booking Centre "hotel_tiempolibre_ext.php" SQL Injection issue
  • Description: Venalsur Booking Centre is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "NoticiaID" parameter in the "hotel_tiempolibre_ext.php" script.
  • Ref: http://www.securityfocus.com/bid/42056

  • 10.32.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Empire CMS Remote SQL Injection Issue
  • Description: Empire CMS is a web-based application implemented in PHP. Empire CMS is exposed to a remote SQL injection issue because the application fails to properly validate user-supplied input to the "CLIENT-IP" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/42139

  • 10.32.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Simple Gallery Module Multiple Unspecified HTML Injection Vulnerabilities
  • Description: Simple Gallery is a module for the Drupal content manager that provides a gallery using taxonomy and CCK imagefields. The module is exposed to multiple HTML injection issues because it fails to properly sanitize certain unspecified user-supplied input before using it in dynamically generated content.
  • Ref: http://drupal.org/node/854402

  • 10.32.92 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki "api.php" Information Disclosure Issue
  • Description: MediaWiki is a media and image content wiki application. MediaWiki is exposed to an information disclosure issue. This issue occurs because the "api.php" script does not properly enforce "Cache-Control" headers on cache data. MediaWiki versions 1.8 through 1.15.4 are affected.
  • Ref: http://www.securityfocus.com/bid/42019

  • 10.32.93 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Fusion Remote Command Execution Issue
  • Description: PHP-Fusion is a PHP-based content manager. PHP-Fusion is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input passed to the "sendmail" parameter in the "class.phpmailer.php" script.
  • Ref: http://www.securityfocus.com/bid/41758

  • 10.32.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Subrion Auto Classifieds Script HTML Injection
  • Description: Auto Classifieds Script is a web-based application implemented in PHP. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the "options" input field of the "autos/submit.php" script.
  • Ref: http://www.securityfocus.com/bid/41772

  • 10.32.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Yacs CMS "context[path_to_root]" Parameter Remote File Include
  • Description: Yacs CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "context[path_to_root]" parameter of the "index.php" script. Yacs CMS version 10.5.27 is affected.
  • Ref: http://www.securityfocus.com/bid/41773

  • 10.32.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Group-Office SQL Injection Vulnerability and Remote Command Execution
  • Description: Group-Office is a PHP-based content manager. The application is exposed to multiple input validation issues. Group-Office version 3.5.12 is affected.
  • Ref: http://www.securityfocus.com/bid/41775

  • 10.32.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Freelancer Marketplace Script "post_project.php" Multiple HTML Injection
  • Description: Freelancer Marketplace Script is a PHP-based web application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input to the "title" and the "describe project" input fields of the "post_project.php" script.
  • Ref: http://www.securityfocus.com/bid/41776

  • 10.32.98 - CVE: Not Available
  • Platform: Web Application
  • Title: TenderSystem "main.php" Multiple Local File Include Issues
  • Description: TenderSystem is a content manager implemented in PHP. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "module" and "function" parameters in the "main.php" script. TenderSystem version 0.9.5 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/41792

  • 10.32.99 - CVE: CVE-2009-4315
  • Platform: Web Application
  • Title: Nuggetz "ajaxsave.php" Multiple Directory Traversal Vulnerabilities
  • Description: Nuggetz is a PHP-based content manager. The application is exposed to multiple directory traversal issues because it fails to sufficiently sanitize user-supplied input to the "pagevalue" and "nugget" parameters of the "admin/ajaxsave.php" script. Nuggetz version 1.0 is affected.
  • Ref: http://www.nuggetz.co.uk/versionhistory.htm

  • 10.32.100 - CVE: CVE-2009-4908
  • Platform: Web Application
  • Title: oBlog "article.php" Multiple HTML Injection Issues
  • Description: oBlog is a PHP-based web application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input to the "commentName", "commentEmail", "commentWeb", and "commentText" input fields of the "article.php" script when adding comments to a blog post.
  • Ref: http://www.securityfocus.com/bid/41814

  • 10.32.101 - CVE: CVE-2009-4595, CVE-2009-4596, CVE-2009-4597
  • Platform: Web Application
  • Title: PHP Wares PHP Inventory Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: PHP Inventory is a web-based application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. PHP Wares PHP Inventory version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41819

  • 10.32.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Uploaderr Arbitrary File Upload Issue
  • Description: Uploaderr is a PHP-based file uploading script. Uploaderr is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately validate file extensions and content type in the "/uploads/" directory before uploading them onto the web server. Uploaderr version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41820

  • 10.32.103 - CVE: CVE-2009-4224
  • Platform: Web Application
  • Title: SweetRice "root_dir" Parameter Multiple Remote File Include Vulnerabilities
  • Description: SweetRice is a PHP-based content management system. The application is exposed to multiple remote file include vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "root_dir" parameter of the "_plugin/subscriber/inc/post.php" and the "as/lib/news_modify.php" scripts. SweetRice versions 0.5.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/41825

  • 10.32.104 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Chat Module for 123 Flash Chat "login_chat.php" Remote File Include Issue
  • Description: 123 Flash Chat is a PHP-based instant messaging application. PHP Chat is a module for the 123 Flash Chat application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "select_db" parameter of the "login_chat.php" script.
  • Ref: http://www.securityfocus.com/bid/41826

  • 10.32.105 - CVE: Not Available
  • Platform: Web Application
  • Title: MultipleFileUpload Arbitrary File Upload Issue
  • Description: MultipleFileUpload is a web-based file uploading application. The application is exposed to an arbitrary file upload issue because it fails to adequately sanitize file extensions before uploading a file onto the web server. MultipleFileUpload version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41844

  • 10.32.106 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Advanced Stats Plugin Multiple HTML Injection Issues
  • Description: Advanced Stats is a plugin for the MyBB message board application. The Advanced Stats plugin for MyBB is exposed to multiple HTML injection issues. These issues occur because the application fails to sanitize user-supplied input. MyBB Advanced Stats plugin versions 3.1 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/41867

  • 10.32.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Theeta CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Theeta CMS is a PHP-based content manager. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials.
  • Ref: http://www.securityfocus.com/bid/41869

  • 10.32.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Tagging Module Free tagging Vocabularies HTML Injection
  • Description: Tagging is a module for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize content submitted to free tagging vocabularies before using it in dynamically generated content. Tagging versions prior to 6.x-2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/41883

  • 10.32.109 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Photo Gallery Remote Command Execution and Remote File Include
  • Description: PHP Photo Gallery is a PHP-based photo gallery application. The application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/41889

  • 10.32.110 - CVE: CVE-2009-4843
  • Platform: Web Application
  • Title: SF ToutVirtual VirtualIQ Pro Multiple Remote Command Execution Issues
  • Description: ToutVirtual VirtualIQ Pro is a tool for managing virtual platforms. The application is exposed to multiple remote command execution issues because it fails to properly restrict access to the included JBOSS web application. VirtualIQ Pro version 3.2 build 7882 is affected.
  • Ref: http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

  • 10.32.111 - CVE: CVE-2009-4085
  • Platform: Web Application
  • Title: PHP Traverser "mp3_id.php" Remote File Include issue
  • Description: PHP Traverser is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "GLOBALS[BASE]" parameter of the "assets/plugins/mp3_id/mp3_id.php" script. PHP Traverser version 0.8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41899

  • 10.32.112 - CVE: Not Available
  • Platform: Web Application
  • Title: ZEEWAYS ZeeNetworking "member_photo.php" Arbitrary File Upload
  • Description: ZeeNetworking is a PHP-based social networking application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "members/member_photo.php" script. ZeeNetworking version v1x is affected.
  • Ref: http://www.securityfocus.com/bid/41908

  • 10.32.113 - CVE: Not Available
  • Platform: Web Application
  • Title: MC Content Manager SQL Injection and Cross-Site Scripting Issue
  • Description: MC Content Manager is a web application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/41949

  • 10.32.114 - CVE: CVE-2009-4567
  • Platform: Web Application
  • Title: Viscacha "editprofile.php" HTML Injection Issue
  • Description: Viscacha is a PHP-based bulletin board application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "instant messenger" field of the "editprofile.php" script before using it in dynamically generated content. Viscacha version 0.8 Gold is affected.
  • Ref: http://www.securityfocus.com/bid/41953/references

  • 10.32.115 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPIDS "unserialize()" PHP Code Execution
  • Description: PHPIDS is a PHP-based intrusion detection system. The application is exposed to an issue that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. PHPIDS versions prior to and including 0.6.2 are affected.
  • Ref: http://www.sektioneins.com/en/advisories/advisory-022009-phpids-unserialize-vulnerability/

  • 10.32.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Mundi Mail Multiple Remote Command Execution Vulnerabilities
  • Description: Mundi Mail is a PHP-based newsletter manager. Mundi Mail is exposed to multiple remote command execution issues because it fails to properly validate user-supplied input to the "mypid" and the "idtag" parameters of the "admin/status/index.php" script. MundiMail version 0.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41957

  • 10.32.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Portili Personal and Team Wiki Multiple Security Issues
  • Description: Portili Wiki is a PHP-based web application. The application is exposed to multiple security issues, including information disclosure, cross-site scripting and arbitrary file upload issues. Personal Wiki version 1.14 and Team Wiki version 1.14 are affected.
  • Ref: http://www.securityfocus.com/bid/41973

  • 10.32.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Theeta CMS SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
  • Description: Theeta CMS is a PHP-based content management system. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/512661

  • 10.32.119 - CVE: Not Available
  • Platform: Web Application
  • Title: Jira Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: JIRA is a web-based bug tracking application. The application is exposed to multiple issues. 1) An information disclosure issue that affects the "reportKey" parameter of the "ConfigureReport.jspa" script. 2) Multiple cross-site scripting issues that affect the "returnUrl" parameter of the "ViewIssue.jspa" and the "default.jspa" scripts. Jira version 4.01 is affected.
  • Ref: http://www.securityfocus.com/bid/42025

  • 10.32.120 - CVE: Not Available
  • Platform: Web Application
  • Title: nuBuilder "report.php" Remote File Include
  • Description: nuBuilder is a PHP-based database management application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "StartingDirectory" parameter of the "report.php" script. nuBuilder version 10.04.20 is affected.
  • Ref: http://www.securityfocus.com/bid/42027

  • 10.32.121 - CVE: Not Available
  • Platform: Web Application
  • Title: Piwik Remote File Include Issue
  • Description: Piwik is a PHP-based web analytics application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input. Piwik versions 0.6 through 0.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/42031

  • 10.32.122 - CVE: CVE-2009-3492
  • Platform: Web Application
  • Title: Loggix "pathToIndex" Parameter Multiple Remote File Include
  • Description: Loggix is a web-based application. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input. Loggix versions 9.4.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/42057

  • 10.32.123 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis Attachment HTML Injection
  • Description: Mantis is a web-based bug tracker. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when uploading an attachment. Successful exploitation of this issue requires the attacker to have permission to upload attachments. Mantis version 1.2.1 is affected.
  • Ref: http://www.mantisbt.org/blog/?p=113

  • 10.32.124 - CVE: Not Available
  • Platform: Web Application
  • Title: PMSoftware Simple Web Server "From:" Header Processing Remote Denial Of Service Issue
  • Description: PMSoftware Simple Web Server is an HTTP server application. PMSoftware Simple Web Server is exposed to a denial of service issue when processing "From:" header requests that contain arbitrary ASCII characters. Simple Web Server version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512820

  • 10.32.125 - CVE: CVE-2010-2633
  • Platform: Network Device
  • Title: EMC Disk Library Communication Module Remote Denial of Service
  • Description: EMC Disk Library is a storage appliance. The appliance is exposed to a remote denial of service issue because it fails to handle specially crafted messages sent over TCP. This issue will cause the communication module to crash. EMC Disk Library versions prior to 3.2.7, 3.3.2 and 4.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/42105

  • 10.32.126 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link WBR-2310 Web Server HTTP GET Request Remote Buffer Overflow Issue
  • Description: D-Link WBR-2310 is a range-booster device. D-Link WBR-2310 is exposed to an unspecified remote buffer overflow issue because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. The issue occurs in the device's web server when handling specially crafted HTTP "GET" requests. D-Link WBR-2310 firmware version 1.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512821

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.