@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 39
September 23, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   3 (#1)
    Third Party Windows Apps                  4
    Mac Os                                    1
    Linux                                     7
    Novell                                    1
    Cross Platform                            15
    Web Application - Cross Site Scripting    9
    Web Application - SQL Injection           7
    Web Application                           19
    Network Device                            4


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Windows
    Third Party Windows Apps
    Mac Os
    Linux
    Novell
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device


    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

    Widely Deployed Software
    • (1) HIGH: Microsoft DRM Technology (msnetobj.dll) ActiveX Multiple Vulnerabilities
    • Affected: unspecified
    • Description: Microsoft Windows' ActiveX object corresponding to msnetobj.dll is susceptible to multiple vulnerabilities, including buffer overflow and integer overflow vulnerabilities. This ActiveX control is responsible for acquiring a license for media protected by Digital Rights Management (DRM). It calls GetLicenseFromURL in a separate thread. The classid of the affected ActiveX control is A9FC132B-096D-460B-B7D5-1DB0FAE0C062. By enticing a user to visit a malicious page, an attacker can exploit this vulnerability in order to execute arbitrary code on a target's machine. Updates are not currently available to address this vulnerability.

    • Status: vendor confirmed, updates not available

    • References:

    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 39, 2010

    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10135 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 10.39.1 - CVE: CVE-2010-3332
    • Platform: Windows
    • Title: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Issue
    • Description: Microsoft ASP.NET is a collection of technologies within the .NET Framework that allows development of web applications and web services. Microsoft .NET Framework is exposed to an information disclosure issue that affects ASP.NET. Microsoft .NET Framework versions 4.0 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43316/references

    • 10.39.2 - CVE: Not Available
    • Platform: Windows
    • Title: Microsoft Paint Memory Corruption Denial Of Service Issue
    • Description: Microsoft Paint is a graphics application available for Microsoft Windows. Microsoft Paint is exposed to a denial of service issue due to a memory corruption error when processing specially crafted ".bmp" files.
    • Ref: http://www.securityfocus.com/bid/43322

    • 10.39.3 - CVE: Not Available
    • Platform: Windows
    • Title: Microsoft Digital Rights Management "msnetobj.dll" ActiveX Memory Corruption Issue
    • Description: Microsoft Digital Rights Management is a media rights manager for the Microsoft Windows operating system. Microsoft Digital Rights Management is exposed to a memory corruption issue that affects the "GetLicenseFromURLAsync()" method of the "msnetobj.dll" ActiveX control. Specifically, the application fails to validate input passed to the affected method of the ActiveX control identified by CLSID:A9FC132B-096D-460B-B7D5-1DB0FAE0C062.
    • Ref: http://www.securityfocus.com/bid/43345

    • 10.39.4 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Spiceworks Accept Header Remote Buffer Overflow
    • Description: Spiceworks is a network management application available for Microsoft Windows. The application is exposed to a remote buffer overflow issue that occurs when processing an HTTP request containing a specially crafted "Accept" header. Spiceworks version 3.6.33156 is affected.
    • Ref: http://community.spiceworks.com/topic/74080

    • 10.39.5 - CVE: CVE-2009-3708
    • Platform: Third Party Windows Apps
    • Title: Alleycode Multiple META Tags Buffer Overflow Vulnerabilities
    • Description: Alleycode is an HTML editor available for Microsoft Windows. The application is exposed to multiple buffer overflow issues because it fails to perform adequate checks on user-supplied input. Alleycode version 2.21 is affected.
    • Ref: http://www.securityfocus.com/bid/43342


    • 10.39.7 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: WinMod ".lst" File Remote Stack Based Buffer Overflow
    • Description: WinMod is a media player available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. WinMod version 1.4 is affected.
    • Ref: http://www.securityfocus.com/bid/43367

    • 10.39.8 - CVE: CVE-2010-1820
    • Platform: Mac Os
    • Title: Apple Mac OS X AFP Server Password Validation Security Bypass
    • Description: Apple Filing Protocol (AFP) Server is an application that provides file services, including uploading and downloading files onto users' computers. Apple Mac OS X is exposed to a security bypass issue that affects AFP Server. Mac OS X versions 10.6 through 10.6.4 and Mac OS X Server versions 10.6 through 10.6.4 are affected.
    • Ref: http://www.securityfocus.com/bid/43341

    • 10.39.9 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel "CHELSIO_GET_QSET_NUM" Information Disclosure
    • Description: The Linux kernel is exposed to an information disclosure issue that occurs because the "addr" member of the "ch_reg" struct declared on the stack in the "cxgb_extension_ioctl()" function is not cleared before being copied back to the user.
    • Ref: http://lkml.org/lkml/2010/9/11/170

    • 10.39.10 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel "TIOCGICOUNT" Information Disclosure
    • Description: The Linux kernel is exposed to an information disclosure issue that occurs because the "TIOCGICOUNT" device ioctl allows unprivileged users to read 9 bytes of uninitialized stack memory.
    • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=633140

    • 10.39.11 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel "EQL_GETMASTRCFG" Information Disclosure
    • Description: The Linux kernel is exposed to an information disclosure issue because the "EQL_GETMASTRCFG" device ioctl allows unprivileged users to read 16 bytes of uninitialized stack memory. Successful exploits may allow attackers to obtain potentially sensitive information on the stack that may aid in other attacks.
    • Ref: http://lkml.org/lkml/2010/9/11/168

    • 10.39.12 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel "DE4X5_GET_REG" Information Disclosure
    • Description: The Linux kernel is exposed to an information disclosure issue that occurs because the "DE4X5_GET_REG" device's IOCTL allows unauthorized users to read 32 bytes of uninitialized stack memory.
    • Ref: http://lkml.org/lkml/2010/9/11/169

    • 10.39.13 - CVE: CVE-2010-3067
    • Platform: Linux
    • Title: Linux Kernel "do_io_submit()" Integer Overflow Issue
    • Description: The Linux kernel is exposed to an integer overflow issue because it fails to properly validate user-supplied input. Specifically, the issue occurs during a multiplication operation in the "do_io_submit()" function of the "fs/aio.c" source file.
    • Ref: http://www.securityfocus.com/bid/43353

    • 10.39.14 - CVE: CVE-2010-3301
    • Platform: Linux
    • Title: Linux Kernel Ptrace Local Privilege Escalation
    • Description: The Linux kernel is exposed to a local privilege escalation issue. Local attackers can exploit this issue to execute arbitrary code with kernel level privileges.
    • Ref: https://access.redhat.com/kb/docs/DOC-40330

    • 10.39.15 - CVE: CVE-2010-3310
    • Platform: Linux
    • Title: Linux Kernel Rose Protocol "srose_ndigis" Heap Memory Corruption Issue
    • Description: The Linux kernel is prone to a heap-based memory corruption issue due to a signedness error in the remote operations service element (ROSE) protocol implementation. Specifically, this issue affects the "srose_ndigis" field of the "sockaddr_rose" structure. The user-supplied value of the "srose_ndigis" field is used as a maximum index to read from and write into an array of "ROSE_MAX_DIGIS" size.
    • Ref: http://www.securityfocus.com/bid/43368

    • 10.39.16 - CVE: Not Available
    • Platform: Novell
    • Title: Novell PlateSpin Orchestrate Remote Code Execution Issue
    • Description: Novell PlateSpin Orchestrate is a data center management tool. Novell PlateSpin Orchestrate is exposed to a remote code execution issue because it fails to sufficiently validate user-supplied data passed to the component used for rendering graphs.
    • Ref: http://www.securityfocus.com/bid/43242

    • 10.39.17 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Google Chrome Multiple Security Issues
    • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple security issues. Google Chrome versions prior to 6.0.472.59 are affected.
    • Ref: http://www.securityfocus.com/bid/43228

    • 10.39.18 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Python Asyncore Module "accept()" function Remote Denial of Service Issue
    • Description: Python is a programming language available for multiple platforms. Asyncore is a module for Python. The Asyncore module for Python is exposed to a denial of service issue. This issue occurs when handling an error in the "accept()" function.
    • Ref: http://www.securityfocus.com/bid/43233

    • 10.39.19 - CVE: CVE-2010-3011
    • Platform: Cross Platform
    • Title: HP System Management Homepage Unspecified HTTP Response Splitting Issue
    • Description: HP System Management Homepage provides a web-based management interface for ProLiant and Integrity servers. The application is exposed to an HTTP response splitting issue that affects unspecified parameters because it fails to properly sanitize user-supplied input before using it in an HTTP response. HP System Management Homepage versions prior to 6.2 are affected.
    • Ref: http://www.securityfocus.com/bid/43269

    • 10.39.20 - CVE: Not Available
    • Platform: Cross Platform
    • Title: IBM FileNet Application Engine Multiple Issues
    • Description: The IBM FileNet Application Engine is a component of the FileNet Platform. The engine is exposed to multiple remote issues. IBM FileNet Application Engine versions prior to 4.0.2.7-P8AE-FP007 are affected.
    • Ref: http://www.securityfocus.com/bid/43271

    • 10.39.21 - CVE: CVE-2010-3323, CVE-2010-3322
    • Platform: Cross Platform
    • Title: Splunk Session Hijacking and Information Disclosure Vulnerabilities
    • Description: Splunk is an IT infrastructure monitoring system. Splunk is exposed to multiple issues. An attacker can exploit these vulnerabilities to gain access to the affected application, obtain sensitive information, or possibly perform actions with elevated privileges. Splunk versions prior to 4.1.5 are affected.
    • Ref: http://www.splunk.com/view/SP-CAAAFQ6

    • 10.39.22 - CVE: Not Available
    • Platform: Cross Platform
    • Title: BACnet OPC Client Buffer Overflow
    • Description: BACnet OPC Client is an application used to communicate with the OPC compliant server. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
    • Ref: http://www.securityfocus.com/bid/43289

    • 10.39.23 - CVE: Not Available
    • Platform: Cross Platform
    • Title: IBM DB2 prior to 9.7 Fix Pack 3 Multiple Security Vulnerabilities
    • Description: IBM DB2 is a database manager. The application is exposed to multiple security bypass issues. Successful exploits of these issues will allow attackers to bypass certain restrictions, perform unauthorized actions, and gain elevated privileges in the database. IBM DB2 9.7 Fix Pack 2 and prior versions are affected.
    • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21446455

    • 10.39.24 - CVE: Not Available
    • Platform: Cross Platform
    • Title: SmarterMail Directory Traversal
    • Description: SmarterMail is a mail server application. The application is exposed to a directory traversal issue that can be exploited by providing directory traversal strings in the URI. SmarterMail version 7.1.3876 is affected.
    • Ref: http://www.securityfocus.com/bid/43324

    • 10.39.25 - CVE: CVE-2010-3280,CVE-2010-3279
    • Platform: Cross Platform
    • Title: Alcatel Lucent OmniTouch Contact Center Security Bypass and Information Disclosure Issues
    • Description: Alcatel-Lucent OmniTouch Contact Center is an application that provides call center solutions. The application is exposed to multiple security issues. OmniTouch Contact Center Standard Edition versions prior to 9.0.8.4 are affected.
    • Ref: http://www.securityfocus.com/archive/1/513869

    • 10.39.26 - CVE: CVE-2010-2764
    • Platform: Cross Platform
    • Title: Multiple Mozilla Products "XMLHttpRequest" Cross-Domain Information Disclosure
    • Description: Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. The applications are exposed to a cross-domain information disclosure issue because the applications fail to enforce the same-origin policy. Firefox versions prior to 3.6.9 and 3.5.12, Thunderbird versions prior to 3.1.3 and 3.0.7 and SeaMonkey versions prior to 2.0.7 are affected.
    • Ref: http://www.securityfocus.com/bid/43104

    • 10.39.27 - CVE: CVE-2010-2766,CVE-2010-2765
    • Platform: Cross Platform
    • Title: Mozilla Firefox, Thunderbird, and SeaMonkey "normalizeDocument" Remote Code Execution Issue
    • Description: Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Firefox, Thunderbird and SeaMonkey are exposed to a remote code execution issue when normalizing a document. Specifically, this issue occurs because the applications may attempt to access deleted objects when normalizing a specially crafted webpage. This issue is fixed in Firefox 3.6.9, Firefox 3.5.12, Thunderbird 3.1.3, Thunderbird 3.0.7 and SeaMonkey 2.0.7.
    • Ref: http://www.mozilla.org/security/announce/

    • 10.39.28 - CVE: CVE-2009-4978,CVE-2009-4977
    • Platform: Cross Platform
    • Title: TUFaT myBackup MyBackup Information Disclosure and Remote File Include Vulnerabilities
    • Description: myBackup is a website and database backup application. myBackup is exposed to multiple issues because it fails to properly sanitize user-supplied input and restrict access to sensitive files. TUFaT myBackup version 1.4.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43204

    • 10.39.29 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Ada Image Server "GET" Request Remote Buffer Overflow
    • Description: Ada Image Server is an image gallery server for Microsoft Windows. Ada Image Server is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer. Ada Image Server versions 0.6.7 and earlier are affected.
    • Ref: http://sourceforge.net/projects/adaimgsvr/

    • 10.39.30 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Hitachi JP1/NETM/Remote Control Agent File Transfer Feature Security Bypass
    • Description: Hitachi JP1/NETM/Remote Control Agent is exposed to a security bypass issue due to an unspecified error in the file transfer feature.
    • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/prod/jp1/

    • 10.39.31 - CVE: CVE-2010-3087
    • Platform: Cross Platform
    • Title: LibTIFF "tiff" File Memory Corruption Issue
    • Description: LibTIFF is a library for reading and manipulating Tag Image File Format (TIFF) files. It is freely available for Microsoft Windows and UNIX-like operating systems. LibTIFF is exposed to a remote memory corruption issue because it fails to properly handle specially crafted "tiff" files.
    • Ref: http://www.securityfocus.com/bid/43366/references

    • 10.39.32 - CVE: CVE-2010-3010
    • Platform: Web Application - Cross Site Scripting
    • Title: 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73) Cross-Site Scripting
    • Description: 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73) uses a web-based management interface and is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73) with firmware versions prior to 1.0.13 are affected.
    • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02507909

    • 10.39.33 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: ATutor Multiple "cid" Parameter Cross-Site Scripting Vulnerabilities
    • Description: ATutor is an academic content management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. ATutor version 1.0 is affected.
    • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_atutor_edit_content_folder.html

    • 10.39.34 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Mollify "index.php" Cross-Site Scripting
    • Description: Mollify is a web file manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "confirm" parameter of the "index.php" script. Mollify version 1.6 is affected.
    • Ref: http://www.securityfocus.com/bid/43262

    • 10.39.35 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: IBM FileNet Application Engine Open Redirection and Cross-Site Scripting Vulnerabilities
    • Description: IBM FileNet is a unified platform for enterprise content management. The application is exposed to multiple security issues. IBM FileNet Application Engine versions prior to 3.5.1-021 are affected.
    • Ref: http://www-01.ibm.com/software/data/content-management/filenet-p8-platform/

    • 10.39.36 - CVE: CVE-2009-3153
    • Platform: Web Application - Cross Site Scripting
    • Title: x10 Media Automatic MP3 Search Engine Multiple Cross-Site Scripting Vulnerabilities
    • Description: x10 Media Automatic MP3 Search Engine is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. x10 Media Automatic MP3 Search Engine version 1.6.5 is affected.
    • Ref: http://www.securityfocus.com/bid/43336

    • 10.39.37 - CVE: CVE-2010-3012
    • Platform: Web Application - Cross Site Scripting
    • Title: HP System Management Homepage (SMH) Cross-Site Scripting Issue
    • Description: HP System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. HP System Management Homepage (SMH) is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. HP System Management Homepage versions prior to 6.2 are affected.
    • Ref: http://www.securityfocus.com/archive/1/513840

    • 10.39.38 - CVE: CVE-2009-4717
    • Platform: Web Application - Cross Site Scripting
    • Title: Gonafish WebStatCaffe Multiple Cross-Site Scripting Vulnerabilities
    • Description: Gonafish WebStatCaffe is a PHP-based website monitoring application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
    • Ref: http://www.securityfocus.com/bid/43339

    • 10.39.39 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: @Mail "MailType" Parameter Cross-Site Scripting
    • Description: @Mail is a webmail application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "MailType" parameter of the "index.php" script during the login process. @Mail version 6.1.9 is affected.
    • Ref: http://www.securityfocus.com/archive/1/513890

    • 10.39.40 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: WebAsyst Shop-Script PREMIUM "searchstring" Parameter Cross-Site Scripting
    • Description: Shop-Script PREMIUM is a PHP-based e-commerce application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "searchstring" parameter of the "index.php" script. Shop-Script PREMIUM is affected.
    • Ref: http://www.securityfocus.com/bid/43380

    • 10.39.41 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: e107 Multiple SQL Injection Vulnerabilities
    • Description: e107 is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to certain parameters of the "wmessage.php" and "download.php" scripts before using it in an SQL query. e107 version 0.7.23 is affected.
    • Ref: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_e107_1.html

    • 10.39.42 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: LightNEasy "LightNEasy.php" SQL Injection
    • Description: LightNEasy is a content management system. The application is exposed to an SQL injection issue that affects the "LightNEasy.php" script. The issue occurs because the "$_POST["handle"]" parameter in the "common.php" source file is not sufficiently sanitized. LightNEasy version 3.2.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43330

    • 10.39.43 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Drupal Yr Weatherdata Module "sort" Method SQL Injection
    • Description: Yr Weatherdata "yr_verdata" is a module for the Drupal content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data when setting the "sort" method before using it in an SQL query. yr_verdata 6.x versions prior to 6.x-1.6 are affected.
    • Ref: http://drupal.org/node/905686

    • 10.39.44 - CVE: CVE-2009-4862
    • Platform: Web Application - SQL Injection
    • Title: AbuShhab Alwasel "id" Parameter Multiple SQL Injection Vulnerabilities
    • Description: AbuShhab Alwasel is a PHP-based directory application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "xml.php" and "show.php" scripts. Alwasel version 1.5 is affected.
    • Ref: http://xforce.iss.net/xforce/xfdb/52326

    • 10.39.45 - CVE: CVE-2009-2776
    • Platform: Web Application - SQL Injection
    • Title: Smart ASP Survey "catid" SQL Injection
    • Description: Smart ASP Survey is an ASP-based survey application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "catid" parameter of the "showresult.asp" script.
    • Ref: http://www.securityfocus.com/bid/43370

    • 10.39.46 - CVE: CVE-2009-4722
    • Platform: Web Application - SQL Injection
    • Title: Limny "CheckLogin()" Function SQL Injection Issue
    • Description: Limny is a PHP-based content management system. The application is exposed to an SQL injection issue because the "CheckLogin()" function in the "includes/functions.php" script fails to sufficiently sanitize user-supplied data to the "username" parameter before using it in an SQL query. Limny version 1.01 is affected.
    • Ref: http://www.securityfocus.com/bid/43371

    • 10.39.47 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: FreePBX "admin/cdr/call-comp.php" Multiple SQL Injection Issues
    • Description: FreePBX is a web-based configuration tool for the open source Asterisk PBX; it is implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input before it is used in an SQL query.
    • Ref: http://www.securityfocus.com/bid/43375

    • 10.39.48 - CVE: Not Available
    • Platform: Web Application
    • Title: Mantis Multiple HTML Injection Vulnerabilities
    • Description: Mantis is a PHP-based web application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. Mantis versions prior to 1.2.3 are affected.
    • Ref: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111

    • 10.39.49 - CVE: Not Available
    • Platform: Web Application
    • Title: PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
    • Description: PHP MicroCMS is a PHP-based content manager. The application is exposed to multiple input validation issues. PHP MicroCMS version 1.0.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43232

    • 10.39.50 - CVE: Not Available
    • Platform: Web Application
    • Title: Drupal Advanced Book Blocks HTML Injection and Cross-Site Request Forgery Vulnerabilities
    • Description: Advanced Book Blocks is a module for the Drupal content manager. The module is exposed to multiple security issues. Advanced Book Blocks versions prior to 6.x-2.2 are affected.
    • Ref: http://drupal.org/node/912708

    • 10.39.51 - CVE: Not Available
    • Platform: Web Application
    • Title: Drupal Advanced Taxonomy Blocks Module HTML Injection and Cross-Site Request Forgery Issues
    • Description: Advanced Taxonomy Blocks is a module for the Drupal content manager. The module is exposed to multiple security issues. Advanced Taxonomy Blocks versions prior to 6.x-3.4 are affected.
    • Ref: http://www.securityfocus.com/bid/43252

    • 10.39.52 - CVE: Not Available
    • Platform: Web Application
    • Title: Drupal "Mollom" Module Information Disclosure
    • Description: Mollom is a module for the Drupal content manager. The module is exposed to an information disclosure weakness because it logs sensitive user data through calls to Drupal's watchdog API. Mollom 6.x versions prior to 6.x-1.14 and 7.x alpha release are affected.
    • Ref: http://drupal.org/node/912412

    • 10.39.53 - CVE: CVE-2010-2080
    • Platform: Web Application
    • Title: OTRS Core System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
    • Description: OTRS (Open Ticket Request System) is a Perl-based application for managing support tickets. The application is exposed to multiple issues. An attacker may leverage these issues to cause denial of service conditions or to execute arbitrary script code. OTRS versions prior to 2.3.6 and 2.4.8 are affected.
    • Ref: http://otrs.org/advisory/OSA-2010-02-en/

    • 10.39.54 - CVE: Not Available
    • Platform: Web Application
    • Title: mojoportal HTML Injection
    • Description: mojoportal is an application used to build web portals using ASP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "User ID" field in the "/Secure/Register.aspx" script. mojoportal version 2.3.4.3 is affected.
    • Ref: http://www.securityfocus.com/bid/43268

    • 10.39.55 - CVE: CVE-2009-4985,CVE-2009-4984
    • Platform: Web Application
    • Title: PHP Affiliate Script SQL Injection and Cross-Site Scripting Issues
    • Description: PHP Affiliate Script is a PHP-based e-commerce application. The application is exposed to multiple security issues because it fails to sufficiently sanitize user-supplied input. PHP Affiliate Script version 1.4 is affected.
    • Ref: http://www.securityfocus.com/bid/43277

    • 10.39.56 - CVE: Not Available
    • Platform: Web Application
    • Title: UseBB Forum and Topic Feed Security Bypass
    • Description: UseBB is a PHP-based forum application. The application is exposed to a security bypass issue because it fails to properly verify the identity of a user and incorrectly enforces access permissions to forum and topic feeds. UseBB versions prior to 1.0.11 are affected.
    • Ref: http://www.usebb.net/community/topic.php?id=2501

    • 10.39.57 - CVE: Not Available
    • Platform: Web Application
    • Title: PHPMyFamily Multiple Remote Issues
    • Description: PHPMyFamily is a web-based genealogy application. The application is exposed to multiple issues. PHPMyFamily versions 1.42 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43293

    • 10.39.58 - CVE: Not Available
    • Platform: Web Application
    • Title: Maian Gallery Directory Traversal
    • Description: Maian Gallery is a web-based photo gallery application. The application is exposed to a directory traversal issue that affects the "mgallery_theme_cookie" cookie parameter. Maian Gallery version 2 is affected.
    • Ref: http://www.securityfocus.com/bid/43321

    • 10.39.59 - CVE: Not Available
    • Platform: Web Application
    • Title: OpenCart "fckeditor" Arbitrary File Upload Issue
    • Description: OpenCart is a shopping cart application implemented in PHP. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html" script of the "fckeditor" component. OpenCart version 1.4.9.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43325/references

    • 10.39.60 - CVE: Not Available
    • Platform: Web Application
    • Title: Willscript.com Forum Script Multiple HTML Injection Issues
    • Description: Willscript.com Forum Script is a web-based application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data when creating a topic or posting an answer.
    • Ref: http://www.securityfocus.com/bid/43162/references

    • 10.39.61 - CVE: CVE-2009-2736,CVE-2009-2735
    • Platform: Web Application
    • Title: OpenNews SQL Injection and Code Execution Issue
    • Description: OpenNews is a PHP-based news application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. OpenNews version 1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43164

    • 10.39.62 - CVE: CVE-2009-3151
    • Platform: Web Application
    • Title: Ultrize TimeSheet "downloadFile.php" Directory Traversal
    • Description: Ultrize TimeSheet is a web-based client billing management system. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "fileName" parameter of the "actions/downloadFile.php" script before passing it to the "readfile()" function to read files. Ultrize TimeSheet version 1.2.2 is affected.
    • Ref: http://www.securityfocus.com/bid/43308

    • 10.39.63 - CVE: CVE-2009-3506
    • Platform: Web Application
    • Title: cmsphp Local File Include and Cross-Site Scripting Issues
    • Description: cmsphp is a PHP-based content management application. The application is exposed to multiple security issues because it fails to properly sanitize user-supplied input. cmsphp version 0.21 is affected.
    • Ref: http://www.securityfocus.com/bid/43311

    • 10.39.64 - CVE: CVE-2009-2792
    • Platform: Web Application
    • Title: Really Simple CMS "pagecontent.php" Local File Include
    • Description: Really Simple CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "PT" parameter of the "plugings/pagecontent.php" script. Really Simple CMS version 0.3a is affected.
    • Ref: http://www.securityfocus.com/bid/43309

    • 10.39.65 - CVE: Not Available
    • Platform: Web Application
    • Title: Collabtive Arbitrary File/Folder Delete Security Bypass
    • Description: Collabtive is open-source collaboration software. Collabtive is exposed to a security bypass issue caused by an unspecified error that allows an attacker to delete arbitrary files and folders. Collabtive versions prior to 0.6.1 are affected.
    • Ref: http://www.securityfocus.com/bid/43344

    • 10.39.66 - CVE: Not Available
    • Platform: Web Application
    • Title: CollabNet Subversion Edge Log Parser HTML Injection
    • Description: CollabNet Subversion Edge is a free, open-source web application. CollabNet Subversion Edge is exposed to an HTML injection issue because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. CollabNet Subversion Edge version 1.2.0 is affected.
    • Ref: http://www.securityfocus.com/archive/1/513888

    • 10.39.67 - CVE: Not Available
    • Platform: Network Device
    • Title: Ipswitch IMail Server List Mailer "imailsrv.exe" Memory Corruption Denial of Service Issue
    • Description: Ipswitch IMail Server is an email server that serves clients their mail through a web interface. It runs on Microsoft Windows. Ipswitch IMail Server is exposed to a denial of service issue because it fails to properly validate user-supplied data. Ipswitch IMail Server versions prior to 11.02 Patch 2 are affected.
    • Ref: http://www.securityfocus.com/bid/43279

    • 10.39.68 - CVE: Not Available
    • Platform: Network Device
    • Title: NitroSecurity NitroView Enterprise Security Manager (ESM) Local Privilege Escalation
    • Description: NitroView Enterprise Security Manager (ESM) is a Unified Security Management appliance. The device is exposed to a local privilege escalation issue due to an input validation error in the management interface. NitroView Enterprise Security Manager (ESM) firmware version 8.4.0 is affected.
    • Ref: http://nitrosecurity.com/products/nitroview/#specs

    • 10.39.69 - CVE: CVE-2010-3281
    • Platform: Network Device
    • Title: Alcatel Lucent OmniVista 4760 HTTP Proxy Remote Buffer Overflow Issue
    • Description: Alcatel Lucent OmniVista 4760 is an interface for managing OmniPCX PBX devices. OmniVista 4760 is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the software fails to handle overly large HTTP "GET" requests passed to the internal proxy. OmniVista 4760 versions prior to R5.1.06.03.c_Patch3 are affected.
    • Ref: http://www.securityfocus.com/archive/1/513866

    • 10.39.70 - CVE: Not Available
    • Platform: Network Device
    • Title: Hitachi Groupmax/Schedule Server Unspecified Denial of Service and Security Bypass Issues
    • Description: Multiple Hitachi products are exposed to unspecified denial of service and security bypass issues. Specifically, these issues affect the Groupmax Scheduler Server and Groupmax Facilities Manager components of the products. The following products are affected: Hitachi Groupmax Groupware Server, Hitachi Groupmax Server Set, Hitachi Groupware Server Set and Hitachi Schedule Server Set.
    • Ref: http://www.securityfocus.com/bid/43362

    (c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/