@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) HIGH: Adobe Reader / Acrobat Font Parsing Buffer Overflow Vulnerability
• (2) HIGH: Mozilla Firefox Multiple Vulnerabilities
• (3) HIGH: Apple Safari Multiple Security Vulnerabilities
• (4) HIGH: Google Chrome Multiple Security Vulnerabilities
• (5) HIGH: Apple iOS Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 10.37.1 - HP Operation Agent Privilege Escalation and Remote Code Execution Issues
• 10.37.2 - Tuniac ".pls" File Buffer Overflow issue
• 10.37.3 - Microsoft Internet Explorer CSS Handling Cross-Domain Information Disclosure

Mac Os

• 10.37.4 - Apple Mac OS X Mail Parental Control White List Security Bypass Issue

Linux

• 10.37.5 - Linux Kernel "keyctl_session_to_parent()" Null Pointer Dereference Denial of Service
• 10.37.6 - Linux Kernel "IrDA" Protocol NULL Pointer Dereference Denial of Service Issue
• 10.37.7 - oping Local Information Disclosure
• 10.37.8 - Linux Kernel "irda_bind()" Null Pointer Dereference
• 10.37.9 - Linux Kernel "SIOCGIWSSID" IOCTL Local Information Disclosure Issue
• 10.37.10 - Linux Kernel "XFS_IOC_FSGETXATTR" Information Disclosure Issue

Novell

• 10.37.11 - Novell Netware SSH Remote Buffer Overflow Issue

Cross Platform

• 10.37.12 - Blackboard Transact Multiple Insecure Password Handling Information Disclosure Issues
• 10.37.13 - Zope Unspecified Denial of Service Issue
• 10.37.14 - httpdx "h_readrequest()" Remote Format String
• 10.37.15 - Techlogica HTTP Server Remote File Disclosure
• 10.37.16 - Arno's IPTABLES Firewall IPv6 Detection Remote Security Bypass
• 10.37.17 - Hitachi JP1/Desktop Navigation Unexpected Data Denial Of Service Issue
• 10.37.18 - Google Chrome Multiple Security Vulnerabilities
• 10.37.19 - LDAPUserFolder Emergency User Arbitrary Password Authentication Bypass Issue
• 10.37.20 - ffdshow ".avi" File NULL Pointer Dereference Denial Of Service Issue
• 10.37.21 - Squid Proxy String Processing NULL Pointer Dereference Denial of Service
• 10.37.22 - VLC Media Player "smb://" URI Handler ".xspf" File Buffer Overflow Issue
• 10.37.23 - Weborf HTTP "modURL()" Function Directory Traversal Issue
• 10.37.24 - Todd Miller Sudo Runas Group Local Privilege Escalation Issue

Web Application - Cross Site Scripting

• 10.37.25 - TYPO3 XING Button Extension Unspecified Cross-Site Scripting
• 10.37.26 - AdaptBB "q" Parameter Cross-Site Scripting Issue
• 10.37.27 - TYPO3 The Official Twitter Tweet Button Unspecified Cross-Site Scripting
• 10.37.28 - phpMyAdmin Debug Backtrace Cross-Site Scripting
• 10.37.29 - OneCMS "index.php" Cross-Site Scripting Issue
• 10.37.30 - MySource Matrix "char_map.php" Multiple Cross-Site Scripting Issues

Web Application - SQL Injection

• 10.37.31 - CMS WebManager-Pro "c.php" SQL Injection
• 10.37.32 - A-Blog "sources/search.php" SQL Injection
• 10.37.33 - DMXReady Polling Booth Manager "inc_pollingboothmanager.asp" SQL Injection

Web Application

• 10.37.34 - Pligg CMS SQL Injection and Cross-Site Scripting Issues
• 10.37.35 - Rumba XML "index.php" Multiple HTML Injection Vulnerabilities
• 10.37.36 - Rainbow CMS Multiple Input Validation Vulnerabilities
• 10.37.37 - cPanel "autoinstallhome.php" PHP Restriction Security Bypass
• 10.37.38 - TYPO3 Yet Another Calendar Extension Cross-Site Scripting and SQL Injection Issue
• 10.37.39 - SyndeoCMS Local File Include, Cross-Site Scripting and HTML Injection Vulnerabilities
• 10.37.40 - chillyCMS SQL Injection and Cross-Site Scripting Vulnerabilities
• 10.37.41 - Blue CMS "X-Forwarded-For" Header SQL Injection Issue
• 10.37.42 - DynPage "dynpage_load.php" Local File Disclosure Issue
• 10.37.43 - Zenphoto Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
• 10.37.44 - DMXReady Members Area Manager "membersareamanager.asp" Multiple HTML Injection Issues

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 37, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9819 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 10.37.1 - CVE: CVE-2010-3004,CVE-2010-3005
• Platform: Third Party Windows Apps
• Title: HP Operation Agent Privilege Escalation and Remote Code Execution Issues
• Description: HP Operations Manager is an application for managing IT infrastructure. HP Operation Agent for Windows is exposed to a privilege escalation issue and a remote code execution issue.
• Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800

• 10.37.2 - CVE: CVE-2009-3574
• Platform: Third Party Windows Apps
• Title: Tuniac ".pls" File Buffer Overflow issue
• Description: Tuniac is a multimedia application for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".pls" file. Tuniac version 090517c is affected.
• Ref: http://www.docstoc.com/docs/39848362/Tuniac-v090517c-PLS-File-Local-Crash-PoC

• 10.37.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Microsoft Internet Explorer CSS Handling Cross-Domain Information Disclosure
• Description: Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Microsoft Internet Explorer is exposed to a cross-domain information disclosure issue because the application fails to enforce the same origin policy. Internet Explorer 6, 7, and 8 are affected.
• Ref: http://archives.neohapsis.com/archives/fulldisclosure/current/0066.html

• 10.37.4 - CVE: Not Available
• Platform: Mac Os
• Title: Apple Mac OS X Mail Parental Control White List Security Bypass Issue
• Description: Mail is an email client application for Mac OS X. Apple Mac OS X is exposed to a security bypass issue in Mail. Specifically, the mail client can be tricked into adding email addresses to a user's white list without proper authorization.
• Ref: http://www.securityfocus.com/bid/42904

• 10.37.5 - CVE: CVE-2010-2960
• Platform: Linux
• Title: Linux Kernel "keyctl_session_to_parent()" Null Pointer Dereference Denial of Service
• Description: The Linux kernel is exposed to a NULL pointer dereference denial of service issue that affects the "keyctl_session_to_parent()" function in the "security/keys/keyctl.c" source file. Specifically, if "pam_keyinit()" is not used during the login procedure, the parent session is mistakenly assumed to have a key ring.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2960

• 10.37.6 - CVE: CVE-2010-2954
• Platform: Linux
• Title: Linux Kernel "IrDA" Protocol NULL Pointer Dereference Denial of Service Issue
• Description: The Linux kernel is exposed to a denial of service issue because the "IrDA" protocol does not properly handle kernel NULL pointer dereference.
• Ref: http://www.securityfocus.com/bid/42936

• 10.37.7 - CVE: Not Available
• Platform: Linux
• Title: oping Local Information Disclosure
• Description: oping is a library package for Linux. oping is exposed to a local information disclosure issue. Specifically, this issue occurs because one of the command line arguments allows the contents of a specified configuration file to be read to the console. oping version 1.3.2-1 is affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684

• 10.37.8 - CVE: CVE-2010-2954
• Platform: Linux
• Title: Linux Kernel "irda_bind()" Null Pointer Dereference
• Description: The Linux kernel is exposed to a null pointer dereference issue that affects the function "irda_bind()" in "net/irda/af_irda.c" file. Specifically, it fails to properly free "hashbin" attached to the object and reset "ias_obj" pointer to null.
• Ref: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=628e3
  00cccaa628d8fb92aa28cb7530a3d5f2257

• 10.37.9 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "SIOCGIWSSID" IOCTL Local Information Disclosure Issue
• Description: The Linux kernel is exposed to a local information disclosure issue that affects the Linux Wireless Extension. This issue occurs because the kernel allows local attackers to use the "SIOCGIWSSID" IOCTL to leak heap memory into user space.
• Ref: http://www.securityfocus.com/bid/42885

• 10.37.10 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "XFS_IOC_FSGETXATTR" Information Disclosure Issue
• Description: Linux "XFS_IOC_FSGETXATTR" is an Ioctl (i o control) for the XFS file system. The application is exposed to an information disclosure issue. Specifically, the "XFS_IOC_FSGETXATTR" ioctl allows unprivileged users to read 12 bytes of uninitialized stack memory because "fsxattr struct" declared on the stack in "xfs_ioc_fsgetxattr()" does not alter (or zero) the 12-byte "fsx_pad" member before copying it back to the user.
• Ref: http://www.securityfocus.com/bid/43022

• 10.37.11 - CVE: Not Available
• Platform: Novell
• Title: Novell Netware SSH Remote Buffer Overflow Issue
• Description: Netware is a network operating system from Novell. Netware is exposed to a remote stack-based buffer overflow issue that affects the SSH service. Specifically, the issue occurs in the "SSHD.NLM" module and one of the sub-modules, "SFTP-SVR.NLM". Netware version 6.5 is affected.
• Ref: http://www.securityfocus.com/bid/42875

• 10.37.12 - CVE: Not Available
• Platform: Cross Platform
• Title: Blackboard Transact Multiple Insecure Password Handling Information Disclosure Issues
• Description: Blackboard Transact is a security card module for the Blackboard educational institute system. The application is exposed to multiple information disclosure issues. Blackboard Transact versions prior to 3.6.0.2 are affected.
• Ref: http://www.securityfocus.com

• 10.37.13 - CVE: CVE-2010-3198
• Platform: Cross Platform
• Title: Zope Unspecified Denial of Service Issue
• Description: Zope is a web application server. Zope is exposed to a denial of service issue caused by an unspecified error in certain non default configurations of the application. Zope versions prior to 2.10.12 and Zope 2.11.7 are affected.
• Ref: http://www.securityfocus.com/bid/42939

• 10.37.14 - CVE: CVE-2009-3663
• Platform: Cross Platform
• Title: httpdx "h_readrequest()" Remote Format String
• Description: httpdx is an HTTP/FTP server for Microsoft Windows. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input to the "h_readrequest()" function of the "httpdx_src/http.c" script. httpdx version 1.4 is affected.
• Ref: http://httpdx.sourceforge.net/downloads/changelog.log

• 10.37.15 - CVE: Not Available
• Platform: Cross Platform
• Title: Techlogica HTTP Server Remote File Disclosure
• Description: Techlogica HTTP Server is exposed to a remote file disclosure issue that occurs because the application fails to properly handle HTTP requests. Techlogica HTTP Server version 1.03 is affected.
• Ref: http://www.securityfocus.com/bid/42891

• 10.37.16 - CVE: Not Available
• Platform: Cross Platform
• Title: Arno's IPTABLES Firewall IPv6 Detection Remote Security Bypass
• Description: Arno's IPTABLES Firewall is a firewall application. Arno's IPTABLES Firewall is exposed to a security bypass issue because the application fails to properly detect IPv6 network traffic. IPTABLES firewall versions prior to 1.9.2l are affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594326

• 10.37.17 - CVE: Not Available
• Platform: Cross Platform
• Title: Hitachi JP1/Desktop Navigation Unexpected Data Denial Of Service Issue
• Description: Hitachi JP1/Desktop Navigation is exposed to a denial of service issue because it fails to properly handle unexpected data.
• Ref: http://www.securityfocus.com/bid/42882

• 10.37.18 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Multiple Security Vulnerabilities
• Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple issues. Chrome versions prior to 6.0.472.53 are affected.
• Ref: http://www.googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-upd
  ates.html

• 10.37.19 - CVE: CVE-2010-2944
• Platform: Cross Platform
• Title: LDAPUserFolder Emergency User Arbitrary Password Authentication Bypass Issue
• Description: LDAPUserFolder is a user folder replacement for Zope to authenticate Zope users against LDAP. The application is exposed to an authentication bypass issue. Specifically, the "authenticate()" function in the "Products/LDAPUserFolder/LDAPUserFolder.py" file does not properly verify the password provided for the emergency user. LDAPUserFolder version 2.9 is affected.
• Ref: http://secunia.com/advisories/41022

• 10.37.20 - CVE: Not Available
• Platform: Cross Platform
• Title: ffdshow ".avi" File NULL Pointer Dereference Denial Of Service Issue
• Description: ffdshow is an open-source audio and video codec. The application is exposed to a remote denial of service issue caused by a NULL pointer dereference. Specifically, the issue occurs when handling maliciously crafted ".avi" files. ffdshow version 1.1.3530.0 is affected.
• Ref: http://www.securityfocus.com/bid/42979

• 10.37.21 - CVE: Not Available
• Platform: Cross Platform
• Title: Squid Proxy String Processing NULL Pointer Dereference Denial of Service
• Description: Squid Web Proxy Cache is an open source proxy server available for a number of platforms. The application is exposed to a remote denial of service issue caused by a NULL pointer dereference error. Squid versions 3.0 to 3.0.STABLE25; 3.1 to 3.1.7 and 3.2 to 3.2.0.1 are affected.
• Ref: http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

• 10.37.22 - CVE: Not Available
• Platform: Cross Platform
• Title: VLC Media Player "smb://" URI Handler ".xspf" File Buffer Overflow Issue
• Description: VLC is a cross-platform multimedia player and framework. VLC is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".xspf" file with the "smb://" URI handler. VLC media player version 1.1.3 is affected.
• Ref: http://www.securityfocus.com/bid/42989

• 10.37.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Weborf HTTP "modURL()" Function Directory Traversal Issue
• Description: Weborf is an HTTP server for the Linux platform. The server is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input in the "modURL()" function. Weborf version 0.12.2 and prior versions are affected.
• Ref: http://www.securityfocus.com/bid/43016

• 10.37.24 - CVE: CVE-2010-2956
• Platform: Cross Platform
• Title: Todd Miller Sudo Runas Group Local Privilege Escalation Issue
• Description: Todd Miller "sudo" is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue because it fails to properly validate user permissions. Todd Miller "sudo" version 1.7.0 up to and including 1.7.4p3 are affected.
• Ref: http://www.sudo.ws/sudo/alerts/runas_group.html

• 10.37.25 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TYPO3 XING Button Extension Unspecified Cross-Site Scripting
• Description: XING Button is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. XING Button versions prior to 1.0.2 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/

• 10.37.26 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: AdaptBB "q" Parameter Cross-Site Scripting Issue
• Description: AdaptBB is a PHP-based bulletin board system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "index.php" script. AdaptBB version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/42930

• 10.37.27 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TYPO3 The Official Twitter Tweet Button Unspecified Cross-Site Scripting
• Description: The official twitter tweet button is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. The official twitter tweet button versions prior to 1.0.5 are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/

• 10.37.28 - CVE: CVE-2010-2958
• Platform: Web Application - Cross Site Scripting
• Title: phpMyAdmin Debug Backtrace Cross-Site Scripting
• Description: phpMyAdmin is a web-based administration interface for MySQL databases. phpMyAdmin is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter in a debug backtrace. phpMyAdmin versions prior to 3.3.6 are affected.
• Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php

• 10.37.29 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: OneCMS "index.php" Cross-Site Scripting Issue
• Description: OneCMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "view" parameter of the "index.php" script. OneCMS version 2.6.1 is affected.
• Ref: http://www.securityfocus.com/bid/42949

• 10.37.30 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: MySource Matrix "char_map.php" Multiple Cross-Site Scripting Issues
• Description: MySource Matrix is a PHP-based content management script. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to multiple parameters of the "char_map.php" script. MySource Matrix version 3.28.3 is affected.
• Ref: http://www.securityfocus.com/bid/43020

• 10.37.31 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: CMS WebManager-Pro "c.php" SQL Injection
• Description: CMS WebManager-Pro is a content manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
• Ref: http://www.securityfocus.com/archive/1/513485

• 10.37.32 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: A-Blog "sources/search.php" SQL Injection
• Description: A-Blog is a web log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "words" parameter in the "sources/search.php" script before using it in an SQL query. A-Blog version 2.0 is affected.
• Ref: http://sourceforge.net/projects/a-blog/

• 10.37.33 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: DMXReady Polling Booth Manager "inc_pollingboothmanager.asp" SQL Injection
• Description: DMXReady Polling Booth Manager is a web-based application used to create, edit, and manage online polls. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "QuestionID" parameter of the "inc_pollingboothmanager.asp" script before using it in an SQL query. DMXReady Polling Booth Manager version 1 is affected.
• Ref: http://www.securityfocus.com/bid/42990

• 10.37.34 - CVE: Not Available
• Platform: Web Application
• Title: Pligg CMS SQL Injection and Cross-Site Scripting Issues
• Description: Pligg CMS is a PHP-based content management application. The application is exposed to multiple security issues because it fails to sufficiently sanitize user supplied input. Pligg CMS version 1.0.4 is affected.
• Ref: http://www.securityfocus.com/bid/42967

• 10.37.35 - CVE: Not Available
• Platform: Web Application
• Title: Rumba XML "index.php" Multiple HTML Injection Vulnerabilities
• Description: Rumba XML is a PHP-based content manager. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "sendname" and "senddesc" parameters of the "index.php" script. Rumba XML version 2.4 is affected.
• Ref: http://www.securityfocus.com/archive/1/513462

• 10.37.36 - CVE: Not Available
• Platform: Web Application
• Title: Rainbow CMS Multiple Input Validation Vulnerabilities
• Description: Rainbow CMS is a PHP-based content management system. The application is exposed to multiple issues. Rainbow CMS versions 2.0.0.1881e and 2.0 are affected.
• Ref: http://www.securityfocus.com/bid/42934

• 10.37.37 - CVE: Not Available
• Platform: Web Application
• Title: cPanel "autoinstallhome.php" PHP Restriction Security Bypass
• Description: cPanel is a web hosting control panel. The application is exposed to a security bypass issue that affects the "Show_Notice()" function of the "autoinstallhome.php" script. Specifically, the application allows users to bypass PHP security restrictions, allowing them to gain access to files on the web server. cPanel version 11.25 is affected.
• Ref: http://securitytracker.com/alerts/2010/Sep/1024382.html

• 10.37.38 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 Yet Another Calendar Extension Cross-Site Scripting and SQL Injection Issue
• Description: Yet Another Calendar "ke_yac" is an extension for the TYPO3 content manager. The extension is exposed to unspecified SQL injection and cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Yet Another Calendar version 1.1.1 and prior are affected.
• Ref: http://www.securityfocus.com/bid/42945

• 10.37.39 - CVE: Not Available
• Platform: Web Application
• Title: SyndeoCMS Local File Include, Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: SyndeoCMS is a PHP-based content manager. SyndeoCMS is exposed to multiple input validation issues. A local file include issue affects the "theme" parameter of the "starnetcorecon_configuration.inc.php" script. A cross-site scripting issue affects the "email" parameter of the "starnetcorecon_alerts.inc.php" script when "modoption" is set to "save_alert". An HTML injection issue affects the "name" parameter of the "starnetcorecon_alerts.inc.php" script when "modoption" is set to "save_alert".
• Ref: http://www.securityfocus.com/bid/42978

• 10.37.40 - CVE: Not Available
• Platform: Web Application
• Title: chillyCMS SQL Injection and Cross-Site Scripting Vulnerabilities
• Description: chillyCMS is a PHP-based content management application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. A cross-site scripting issue affects the "username" field in the "login" page. An SQL injection issue affects the "show.site.php" script. chillyCMS version 1.1.3 is affected.
• Ref: http://frozenpepper.de/chillyCMS/core/show.site.php

• 10.37.41 - CVE: Not Available
• Platform: Web Application
• Title: Blue CMS "X-Forwarded-For" Header SQL Injection Issue
• Description: Blue CMS is a web-based content management system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "X-Forwarded-For" header.
• Ref: http://www.securityfocus.com/bid/42999

• 10.37.42 - CVE: Not Available
• Platform: Web Application
• Title: DynPage "dynpage_load.php" Local File Disclosure Issue
• Description: DynPage is a web-based content manager implemented in PHP. The application is exposed to a local file disclosure issue because it fails to sufficiently sanitize user-supplied data to the "file" parameter of the "content/dynpage_load.php" script. DynPage version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/43018

• 10.37.43 - CVE: Not Available
• Platform: Web Application
• Title: Zenphoto Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
• Description: Zenphoto is a PHP-based photo gallery application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Zenphoto version 1.3 is affected.
• Ref: http://www.securityfocus.com/bid/43021

• 10.37.44 - CVE: Not Available
• Platform: Web Application
• Title: DMXReady Members Area Manager "membersareamanager.asp" Multiple HTML Injection Issues
• Description: DMXReady Members Area Manager is an ASP-based content management system. DMXReady Members Area Manager is exposed to multiple HTML injection issues because it fails to properly sanitize user supplied input to the "Address2" and "shipping_Address2" parameters of the "membersareamanager.asp" script. DMXReady Members Area Manager version 2 is affected.
• Ref: http://www.securityfocus.com

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/