Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 4
January 21, 2010

SANS Newsletters Home

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • -------------------------- -------------------------------------
    • Windows
    • 1
    • Other Microsoft Products
    • 2 (#1)
    • Third Party Windows Apps
    • 3 (#7)
    • Mac Os
    • 2
    • Linux
    • 5
    • BSD
    • 1
    • Cross Platform
    • 25 (#2, #3, #4, #5, #6)
    • Web Application - Cross Site Scripting
    • 15
    • Web Application - SQL Injection
    • 22
    • Web Application
    • 23
    • Network Device
    • 2

*************************************************************************

TRAINING UPDATE

-- SANS AppSec 2010, San Francisco, January 29-February 5, 2010 8 courses and bonus evening presentations, including Social Zombies: Your Friends Want to Eat Your Brains

https://www.sans.org/appsec-2010/

-- SANS Phoenix, February 14 -February 20, 2010 6 courses and bonus evening presentations, including The Art of Incident Response and Advanced Forensic Techniques: Catching Hackers on the Wire

https://www.sans.org/phoenix-2010/

-- SANS 2010, Orlando, March 6 - March 15, 2010 38 courses and bonus evening presentations, including Software Security Street Fighting Style

https://www.sans.org/sans-2010/

-- SANS Northern Virginia Bootcamp 2010, April 6-13 Bonus evening presentations include Safe Surfing: How to Surf the Net Without Getting PWND

https://www.sans.org/reston-2010/

-- SANS Security West 2010, San Diego, May 7-15, 2010 23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

https://www.sans.org/security-west-2010/

Looking for training in your own community? https://sans.org/community/

Save on On-Demand training (30 full courses)

- See samples at

https://www.sans.org/ondemand/spring09.php

Plus Tokyo, Bangalore, Oslo and Dublin all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software
  • (1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems
    • Windows Server 2008 R2 for Itanium-based Systems
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    • Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
    • Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    • Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
    • Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    • Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    • Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2
    • Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    • Internet Explorer 8 in Windows 7 for 32-bit Systems
    • Internet Explorer 8 in Windows 7 for x64-based Systems
    • Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
    • Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

  • Description: Microsoft Internet Explorer (IE) has been reported with a remote code execution vulnerability. A specially crafted web page can be used to trigger this vulnerability. The vulnerability is caused by a use-after-free error in the way IE handles events, when the element triggering the event is removed. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application and there are evidence that this vulnerability is actively exploited in the wild. Microsoft has suggested some workarounds to mitigate this issue and one of them is to enable Data Execution Protection (DEP) for all versions of Internet Explorer that has provision for the same. Full technical details for the vulnerability are publicly available along with proof-of-concepts.

  • Status: Vendors confirmed, updates should be available on January 21st 2010.

  • References:
  • (3) CRITICAL: RealNetworks RealPlayer Multiple Vulnerabilities
  • Affected:
    • RealPlayer SP 1.0.0 and 1.0.1
    • RealPlayer 11 (11.0.5 and higher)
    • RealPlayer 11 (11.0.1 - 11.0.4)
    • RealPlayer 11 (11.0.0)
    • RealPlayer 10.5 (6.0.12.1675) *
    • RealPlayer 10.5 (6.0.12.1040-6.0.12.1663, 6.0.12.1698, 6.0.12.1741)
    • RealPlayer 10
    • RealPlayer Enterprise
    • Mac RealPlayer 11.0.1
    • Mac RealPlayer 11.0
    • Mac RealPlayer 10 and 10.1
    • Linux RealPlayer 11.0.1
    • Helix Player (11.0.1)
    • Linux RealPlayer 11.0.0
    • Helix Player (11.0.0)
    • Linux RealPlayer 10
    • Helix Player (10.*)

  • Description: RealPlayer is a proprietary multi platform media player from RealNetworks designed to play different multimedia formats. Multiple vulnerabilities have been reported in RealNetworks RealPlayer. There are heap-based overflow errors in the way RealPlayer processes a malformed ASM Rulebook, a malformed GIF file, a malformed IVR file, a malformed compressed GIF file, a malformed SMIL file, and a malformed Skin. There is a buffer overflow error in the way RealPlayer handles a malformed media file, a malformed IVR file. An array overflow error has been reported caused by the way RealPlayer parses a malformed ASM RuleBook. There is a buffer overflow error in the RealPlayer rtsp "set_parameter" and a heap overflow error in the way RealPlayer handles SIPR codec. Successful exploitation of these vulnerabilities might allow an attacker to execute arbitrary code. Technical details for these vulnerabilities are not available publicly.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) HIGH: Google SketchUp Multiple Vulnerabilities
  • Affected:
    • Google SketchUp 7.0.10247
    • Google SketchUp 7.1.4871
    • Google SketchUp 7.1.6087
    • Google SketchUp 7.6859

  • Description: Google SketchUp is a 3D modeling program developed by Google for game developers, architects etc. Two vulnerabilities have been identified in Google SketchUp. The first issue is a memory corruption error in the "lib3ds" library, a library used for processing 3DS files. A specially crafted 3DS file can be used to trigger this vulnerability. The second issue is caused by an integer overflow error in the way Google SketchUp processes SKP file s. A specially crafted SKP file can be used to trigger this vulnerability. Successful exploitation in both cases might allow an attacker to execute arbitrary code in the context of the logged on user. Full technical details for the 3DS vulnerability are publicly available along with a proof-of-concept.

  • Status: Vendors confirmed, updates available.

  • References:
  • (6) HIGH: Zeus Web Server Multiple Vulnerabilities
  • Affected:
    • Zeus Technology Zeus Web Server versions 4.x

  • Description: Zeus Web Server is a scalable and high performance web server developed by Zeus Technology for Unix and Unix-like platforms. Two vulnerabilities have been reported in Zeus Web Server. The first issue is a buffer overflow vulnerability caused by a boundary error in Zeus Web Server SSL2 implementation (SSL2_CLIENT_HELLO). Successful exploitation in this case might allow an attacker to carry out remote code execution. The second issue is an error in the TLS protocol, specifically in the way it handles session re-negotiations. This can be exploited to insert arbitrary data via Man-in-the-Middle attacks. Technical details for these vulnerabilities are available publicly along with proof-of-concepts.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) MODERATE: BS.Player BSI File Processing Buffer Overflow Vulnerability
  • Affected:
    • BS.Player version 2.51 and prior

  • Description: BS.Player, a popular multimedia player used by more than 70 million users, has been reported with a buffer overflow vulnerability. A specially crafted BSPlayer Configuration file (BSI) file can be used to trigger this vulnerability. The specific flaw is a boundary error caused while processing a malformed BSI file that has an over long "Skin" parameter in the "Options" field. The user will have to be tricked by an attacker to open malicious BSI files in order to exploit this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Full technical details about the vulnerability are publicly available along with a proof-of-concept.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2010

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7863 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

  • 10.4.1 - CVE: CVE-2010-0232
  • Platform: Windows
  • Title: Microsoft Windows #GP Trap Handler Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue in the #GP trap handler. Specifically, the operating system wrongly assumes the following: 1. Setting up a VDM (Virtual Desktop Manager) context requires 'SeTcbPrivileges' privileges. 2. Ring3 code cannot install arbitrary code segment selectors. 3. Ring3 code cannot forge a trap frame.
  • Ref: http://seclists.org/fulldisclosure/2010/Jan/341
  • 10.4.2 - CVE: CVE-2010-0249
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CVE-2010-0249 Remote Code Execution
  • Description: Microsoft Internet Explorer is exposed to a remote code execution issue that is caused by a memory corruption error triggered by an invalid pointer to a deleted object.
  • Ref: http://www.microsoft.com/technet/security/advisory/979352.mspx
  • 10.4.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Null Pointer Dereference Denial of Service Vulnerabilities
  • Description: Microsoft Internet Explorer is exposed to two remote denial of service issues that stem from NULL pointer dereference errors. Successful exploits can allow remote attackers to crash the affected browser, resulting in denial of service conditions. Internet Explorer 6 and 7 are affected.
  • Ref: http://www.securityfocus.com/bid/37877
  • 10.4.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BS.Player ".bsl" File Remote Buffer Overflow
  • Description: BS.Player is a multimedia player available for Microsoft Windows. The player is exposed to a remote stack based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".bsl" file containing an excessively large skin file. BS.Player version 2.51 is affected.
  • Ref: http://www.securityfocus.com/bid/37831
  • 10.4.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Gracenote CDDBControl ActiveX Control "ViewProfile" Method Heap Buffer Overflow
  • Description: Gracenote CDDBControl ActiveX is a client control module for a content delivery engine for CD information. The control is exposed to a heap based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/508971
  • 10.4.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MediaMonkey ".mp3" File Remote Buffer Overflow
  • Description: MediaMonkey is a multimedia player available for Microsoft Windows. MediaMonkey is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".mp3" file. MediaMonkey version 3.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37836
  • 10.4.7 - CVE: CVE-2010-0036
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreAudio MP4 File Buffer Overflow
  • Description: CoreAudio is an audio component of the Apple Mac OS X operating system. The component is exposed to a buffer overflow issue that occurs when handling a specially crafted MP4 file.
  • Ref: http://www.securityfocus.com/bid/37868
  • 10.4.8 - CVE: CVE-2010-0037
  • Platform: Mac Os
  • Title: Apple Mac OS X Image RAW "DNG" Image Handling Buffer Overflow
  • Description: Image RAW is a component of the Apple Mac OS X operating system. Image RAW is exposed to a buffer overflow issue that can be triggered by processing a malformed "DNG" (Digital Negative) image file. Mac OS X versions 10.5.8 and prior; Mac OS X Server 10.5.8 and prior; Mac OS X 10.6.2 and prior and Mac OS X Server 10.6.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/37869
  • 10.4.9 - CVE: CVE-2010-0002
  • Platform: Linux
  • Title: GNU Bash "ls" Control Character Command Injection
  • Description: Bash is a command language interpreter, or shell, used in many Unix and Linux variants. Bash is exposed to a command injection issue because it fails to adequately sanitize user-supplied input to the "ls" command. Specifically, if the locale is UTF-8, control characters will always be displayed.
  • Ref: https://qa.mandriva.com/show_bug.cgi?id=56882
  • 10.4.10 - CVE: CVE-2009-4141
  • Platform: Linux
  • Title: Linux Kernel "fasync_helper()" Local Privilege Escalation
  • Description: Linux kernel is exposed to a local privilege escalation issue. This issue occurs in the "fasync_helper()" function because of a use-after-free error. The issue arises when the application handles file descriptors with the FASYNC flag set. Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0252.html
  • 10.4.11 - CVE: CVE-2010-0006
  • Platform: Linux
  • Title: Linux Kernel "ipv6_hop_jumbo()" Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue in the "ipv6_hop_jumbo()" function of the "net/ipv6/exthdrs.c" source file. This issue occurs because a NULL pointer dereference may be triggered when processing malformed IPv6 headers.
  • Ref: http://marc.info/?l=linux-netdev&m=126343325807340&w=2
  • 10.4.12 - CVE: CVE-2009-4272
  • Platform: Linux
  • Title: Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
  • Description: The Red Hat Linux kernel is exposed to multiple vulnerabilities affecting the routing implementation: A denial of service issue that exists due to a deadlock condition and a denial of service issue that may result in a kernel panic due to an uninitialized pointer after a route lookup.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=545411
  • 10.4.13 - CVE: CVE-2009-3556
  • Platform: Linux
  • Title: Red Hat Linux Kernel "qla2xxx" DriverSecurity Bypass
  • Description: The Red Hat Linux kernel is prone to a security bypass issue. This issue arises in N_Port ID Virtualization (NPIV) code of the "qla2xxx" driver. An attacker may exploit this issue to bypass security restrictions and set SCSI host attributes by modifying the world-writable "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete" files.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=537177
  • 10.4.14 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD VFS Filesystem Autoloading Local Denial of Service
  • Description: NetBSD is exposed to a local denial of service issue. The filesystem module autoloader in VFS code improperly accesses a pointer to the filesystem name. Ref: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-001.txt.asc
  • 10.4.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google SketchUp 3DS File Remote Memory Corruption
  • Description: Google SketchUp is an application for creating, modifying, and sharing 3D models. Google SketchUp is exposed to a remote memory corruption issue because the application fails to perform adequate boundary checks on user-supplied input. This issue occurs in the "face_array_read()" function of the "src/lib3ds_mesh.c" source file. Google SketchUp versions 7.0.10247, 7.1.4871, and 7.1.6087 are affected.
  • Ref: http://www.coresecurity.com/content/google-sketchup-vulnerability
  • 10.4.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP MaxDB Unspecified Information Disclosure and Denial of Service Vulnerabilities
  • Description: SAP MaxDB is a database application available for multiple platforms. MaxDB is exposed to an unspecified information disclosure issue and an unspecified denial of service issue. SAP MaxDB version 7.6.06 is affected.
  • Ref: http://www.securityfocus.com/bid/37766
  • 10.4.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Yoono Extension "img" Tag DOM Event Handler Remote Code Injection
  • Description: Mozilla Firefox Yoono is a social networking application that is available as an extension for Mozilla Firefox. The extension is exposed to a remote code injection issue because it fails to properly sanitize user-supplied input. This issue affects the DOM event handlers of the "img" tag. Yoono versions prior to 6.1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508910
  • 10.4.18 - CVE: CVE-2009-4182
  • Platform: Cross Platform
  • Title: HP Web Jetadmin Remote Information Disclosure
  • Description: HP Web Jetadmin is a web-based interface for remote management of network peripheral devices. The application is exposed to an information disclosure issue when configured to communicate with an external SQL Server installation. Specifically, database credentials and other communications are not encrypted when transmitted over the network. HP Web Jetadmin version 10.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508914
  • 10.4.19 - CVE: CVE-2009-3617
  • Platform: Cross Platform
  • Title: aria2 "AbstractCommand::onAbort" Format String Vulnerability
  • Description: The "aria2" program is a client application that is used to download files via a number of protocols. It is available for multiple operating systems. The application is exposed to a format string issue because it fails to properly sanitize user-supplied data. This issue occurs because of a segmentation error when format string characters are provided to the "AbstractCommand::onAbort()" function in the "AbstractCommand.cc" source file. aria2 versions prior to 1.6.2 are affected. Ref: http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572
  • 10.4.20 - CVE: CVE-2007-5655
  • Platform: Cross Platform
  • Title: TIBCO Runtime Agent Domain Properties Insecure File Permissions
  • Description: TIBCO Runtime Agent is bundled with various TIBCO products. TIBCO Runtime Agent is exposed to an insecure file permissions issue that affects the TIBCO Domain Utility ("domainutility" and "domainutilitycmd") components, which create domain properties files with insecure permissions. TIBCO Runtime Agent versions prior to 5.6.2 are affected. Ref: http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt
  • 10.4.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice ".csv" File Remote Denial of Service
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to a remote denial of service issue when handling a specially crafted ".csv" file. The issue reportedly stems from a NULL pointer dereference. OpenOffice versions 3.1.0 and 3.1.1 on Microsoft Windows are affected.
  • Ref: http://www.securityfocus.com/archive/1/508935
  • 10.4.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Directory Server "ibmdiradm" Null Pointer Dereference Denial of Service
  • Description: IBM Tivoli Directory Server is an LDAP based identity management application. The application is exposed to a denial of service issue caused by a NULL pointer deference. This issue affects the "do_extendedOp" process. IBM Tivoli Directory Server version 6.2 is affected. Ref: http://intevydis.blogspot.com/2010/01/tivoli-directory-server-62-doextendedop.html
  • 10.4.23 - CVE: CVE-2009-4012
  • Platform: Cross Platform
  • Title: LibThai Unspecified Integer Overflow
  • Description: The "LibThai" library is freely available software that is used to provide Thai language support to applications. The library is exposed to a heap-based buffer overflow issue because of an integer overflow condition. The issue occurs when a large string is handled.
  • Ref: http://www.securityfocus.com/bid/37822
  • 10.4.24 - CVE: CVE-2008-7251, CVE-2008-7252
  • Platform: Cross Platform
  • Title: phpMyAdmin Insecure Temporary File and Directory Creation Vulnerabilities
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. phpMyAdmin creates temporary directories and files in an insecure way. Specifically the temporary directory is world writable and the temporary files have predictable file names. phpMyAdmin versions 2.11.x prior to 2.11.10 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php
  • 10.4.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zeus Web Server Unspecified Remote Buffer Overflow
  • Description: Zeus Web Server is an HTTP server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Ref: http://intevydis.blogspot.com/2010/01/zeus-web-server-ssl2clienthello.html
  • 10.4.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player ASS File Buffer Overflow
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. VLC is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue stems from a buffer overflow while parsing specially crafted Aegisub Advanced SubStation (".ass") files. VLC media player version 0.6.8 is affected.
  • Ref: http://www.securityfocus.com/bid/37832
  • 10.4.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Internet Directory "oidldapd" Remote Memory Corruption
  • Description: Oracle Internet Directory is an LDAP directory. The application is exposed to an unspecified remote vulnerability that may result in heap memory corruption. The issue may allow attackers to execute arbitrary code in the context of the vulnerable application. Oracle Internet Directory version 10.1.2.0.2 is affected. Ref: http://intevydis.blogspot.com/2010/01/oracle-internet-directory-heap.html
  • 10.4.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Web Server Creator Web Portal Multiple Input Validation Vulnerabilities
  • Description: Web Server Creator Web Portal is a PHP-based portal application. Because it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple input validation issues. Web Server Creator Web Portal version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37841
  • 10.4.29 - CVE: CVE-2009-4273
  • Platform: Cross Platform
  • Title: SystemTap "stat-server" Remote Arbitrary Command Injection
  • Description: SystemTap is a data collection utility for analyzing a running Linux kernel. The "stat-server" component of SystemTap is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data supplied by client requests. SystemTap versions prior to 1.1 are affected.
  • Ref: http://sourceware.org/bugzilla/show_bug.cgi?id=11105
  • 10.4.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zenoss Multiple Cross-Site Request Forgery Vulnerabilities
  • Description: Zenoss is an enterprise IT management solution. Zenoss is exposed to multiple cross-site request forgery issues that affect the administration interface. Zenoss version 2.3.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508982
  • 8 - CVE: Not Available10.0.42.34 running with Internet Explorer and are affected.
  • Platform: Cross Platform
  • Title: Adobe Flash Player SWF File Denial of Service
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to a denial of service issue. Specifically, this issue arises when the application is used with Internet Explorer and handles a specially crafted Shockwave Flash ("SWF") file. Flash Player version
  • Ref: http://www.mertsarica.com/?p=541
  • 10.4.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice ".slk" File NULL Pointer Dereference Remote Denial of Service
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to a remote denial of service issue when handling a specially crafted ".slk" file. The issue reportedly stems from a NULL pointer dereference. OpenOffice versions 3.1.0 and 3.1.1 are affected.
  • Ref: http://www.securityfocus.com/bid/37857
  • 10.4.33 - CVE: CVE-2010-0097
  • Platform: Cross Platform
  • Title: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning
  • Description: ISC BIND (Berkley Internet Domain Name) is an implementation of DNS protocols. A remote DNS cache poisoning vulnerability affects BIND 9. This issue occurs because the software may improperly cache "bogus" NXDOMAIN query responses for records proven by NSEC or NSEC3 to exist. These cached responses may then be returned in response to subsequent DNSSEC queries. BIND versions prior to the following are affected: BIND 9.4.3-P5, BIND 9.5.2-P2 and BIND 9.6.1-P3.
  • Ref: https://www.isc.org/advisories/CVE-2010-0097
  • 10.4.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Power Manager Script Login URI Buffer Overflow Remote Code Execution
  • Description: HP Power Manager is a web-based application to manage an HP UPS. HP Power Manager is exposed to a remote code execution issue because it fails to properly bounds check user-supplied data. Specifically, when logins are made using a script, the username and password string will trigger a buffer overflow from an overly long URI if the string length exceeds 20 characters. Power Manager versions prior to 4.2.10 are affected.
  • Ref: http://www.securityfocus.com/archive/1/509042
  • 10.4.35 - CVE: CVE-2009-3999
  • Platform: Cross Platform
  • Title: HP Power Manager Export Logs Buffer Overflow Remote Code Execution
  • Description: HP Power Manager is a web-based application to manage an HP UPS. HP Power Manager is exposed to a remote code execution issue because it fails to properly bounds check user-supplied data. Specifically, an unspecified textbox value in the "Export Logs" section can be used to provide excess data to a memory buffer. Power Manager versions prior to 4.2.10 are affected.
  • Ref: http://secunia.com/secunia_research/2009-47/
  • 10.4.36 - CVE: CVE-2009-400211.5.1.606 are affected.
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player (CVE-2009-4002) Unspecified Remote Buffer Overflow
  • Description: Adobe Shockwave Player is a multimedia player application. Shockwave Player is exposed to an unspecified remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Shockwave Player versions prior to
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-03.html
  • 10.4.37 - CVE: CVE-2009-400311.5.2.606 for Microsoft Windows and Apple Mac OS X are affected.
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player Multiple Integer Overflow Vulnerabilities
  • Description: Adobe Shockwave Player is a multimedia player available for multiple platforms. Shockwave Player is exposed to multiple integer overflow issues. Shockwave Player versions prior to
  • Ref: http://secunia.com/secunia_research/2009-62/
  • 10.4.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP Web Application Server Unspecified Remote Buffer Overflow
  • Description: SAP Web Application Server is a web server component included in SAP Kernel. SAP Web Application Server is exposed to an unspecified remote buffer overflow issue. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.
  • Ref: http://seclists.org/fulldisclosure/2010/Jan/348
  • 10.4.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow
  • Description: Sun Java System Web Server is an HTTP server. The application is exposed to a remote stack based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue arises in "/opt/sun/webserver7/lib/libdavplugin.so" when processing a specially crafted WebDAV request. Sun Java System Web Server version 7.0 Update 7 is affected. Ref: http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html
  • 10.4.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Unit Converter Unspecified Cross-Site Scripting
  • Description: Unit Converter is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Unit Converter versions 1.0.4 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 KJ: Imagelightbox Unspecified Cross-Site Scripting
  • Description: KJ: Imagelightbox is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. KJ: Imagelightbox versions 2.0.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Tip many friends Extension Unspecified Cross-Site Scripting
  • Description: "Tip many friends" (mimi_tipfriends) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Tip many friends versions 0.0.2 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 VD / Geomap Extension Unspecified Cross-Site Scripting
  • Description: "VD / Geomap" (vd_geomap) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. "VD / Geomap" versions 0.3.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Majordomo Extension Unspecified Cross-Site Scripting
  • Description: Majordomo is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Majordomo versions 1.1.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! "com_tienda" Component "categoria" Parameter Cross-Site Scripting
  • Description: The "com_tienda" application is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "categoria" parameter.
  • Ref: http://www.securityfocus.com/bid/37798
  • 10.4.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tribisur "cat" Parameter Cross-Site Scripting
  • Description: Tribisur is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "cat" parameter of the "forum.php" script.
  • Ref: http://www.securityfocus.com/bid/37800
  • 10.4.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Technology for Solutions "id" Parameter Cross-Site Scripting
  • Description: Technology for Solutions is a PHP-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "id" parameter of the "contacto_demo.php" script.
  • Ref: http://www.securityfocus.com/bid/37811
  • 10.4.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Xforum "nbpageliste" Parameter Cross-Site Scripting
  • Description: Xforum is a web-based forum application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the 'nbpageliste' parameter of the "liste.php" script. Xforum version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/37818
  • 10.4.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! "com_marketplace" Component "catid" Parameter Cross-Site Scripting
  • Description: The "com_marketplace" application is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "catid" parameter. com_marketplace version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37819
  • 10.4.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Web Content Management Login Page Cross-Site Scripting
  • Description: IBM Lotus Web Content Management is a suite of web-based applications for Windows, Unix and Sun platforms. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the login page. IBM Lotus Web Content Management versions 6.1.0.1, 6.1.0.2, 6.0.1.4, 6.0.1.5, and 6.0.1.6 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM04647
  • 10.4.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TestLink "order_by_login_dir" Parameter Cross-Site Scripting
  • Description: TestLink is a web-based testing application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "order_by_login_dir" parameter of the "lib/usermanagement/usersView.php" script. TestLink version 1.8.5 is affected.
  • Ref: http://www.securityfocus.com/bid/37839
  • 10.4.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SurgeFTP "surgeftpmgr.cgi" Multiple Cross-Site Scripting Vulnerabilities
  • Description: SurgeFTP is a web server available for multiple platforms. It includes an web-based administration interface. The web interface is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "domainid" and "classid" parameters of the "surgeftpmgr.cgi" CGI application. SurgeFTP version 2.3a6 is affected.
  • Ref: http://www.securityfocus.com/bid/37844
  • 10.4.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EasySiteNetwork Jokes Complete Website Multiple Cross-Site Scripting Vulnerabilities
  • Description: EasySiteNetwork Jokes Complete Website is a web-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "joke.php": "id" and "results.php": "searchingred".
  • Ref: http://www.securityfocus.com/bid/37852
  • 10.4.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: THELIA Multiple Cross-Site Scripting Vulnerabilities
  • Description: THELIA is a PHP-based ecommerce application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "ref" parameter if the "panier.php", "produit.php" and "rss.php" scripts. THELIA version 1.4.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37855
  • 10.4.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 MK-AnydropdownMenu Unspecified SQL Injection
  • Description: MK-AnydropdownMenu ("mk_anydropdownmenu") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 MK-AnydropdownMenu versions 0.3.28 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Customer Reference List Unspecified SQL Injection
  • Description: Customer Reference List ("ref_list") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Customer Reference List versions 1.0.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Google Maps for tt_news Extension Unspecified SQL Injection
  • Description: "Google Maps for tt_news" ("jf_easymaps") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. "Google Maps for tt_news" versions prior to 1.0.3 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 tt_news Mail alert (dl3_tt_news_alerts) Unspecified SQL Injection
  • Description: "tt_news Mail alert" (dl3_tt_news_alerts) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. tt_news Mail alert versions 0.2.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 User Links (vm19_userlinks) Unspecified SQL Injection
  • Description: User Links (vm19_userlinks) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. User Links versions 0.1.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Helpdesk (mg_help) Extension Unspecified SQL Injection
  • Description: Helpdesk (mg_help) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Helpdesk versions 1.1.6 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 MJS Event Pro (mjseventpro) Unspecified SQL Injection
  • Description: MJS Event Pro (mjseventpro) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. MJS Event Pro versions 0.2.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 BB Simple Jobs (bb_simplejobs) Unspecified SQL Injection
  • Description: BB Simple Jobs (bb_simplejobs) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. BB Simple Jobs versions 0.1.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Reports for Job (job_reports) Unspecified SQL Injection
  • Description: Reports for Job (job_reports) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Reports for Job versions 0.1.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Clan Users List (pb_clanlist) Unspecified SQL Injection
  • Description: Clan Users List (pb_clanlist) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 zak_store_management Unspecified SQL Injection
  • Description: The "zak_store_management" application is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. zak_store_management versions 1.0.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Powermail Extension Unspecified SQL Injection
  • Description: Powermail is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Powermail versions 1.5.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Public Media Manager Multiple SQL Injection Vulnerabilities
  • Description: Public Media Manager is a web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following script and parameter: "NewsCMS/newsdb/fullstory.php": "storyid".
  • Ref: http://pmm-cms.sourceforge.net/
  • 10.4.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_articlemanager" Component "artid" Parameter SQL Injection
  • Description: "com_articlemanager" is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37799
  • 10.4.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zenoss Multiple SQL Injection Vulnerabilities
  • Description: Zenoss is an enterprise IT management solution. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Zenoss version 2.3.3 is affected. Ref: http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/
  • 10.4.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: xt:Commerce Direct URL Component "coID" Parameter SQL Injection
  • Description: Direct URL is a PHP-based component for the xt:Commerce ecommerce application. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "coID" parameter of the "shop_content.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37808
  • 10.4.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RoseOnlineCMS "username" Field Login SQL Injection
  • Description: RoseOnlineCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the login page. RoseOnlineCMS version 3.81 is affected.
  • Ref: http://www.securityfocus.com/bid/37838
  • 10.4.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SemanticScuttle "tags.php" SQL Injection
  • Description: SemanticScuttle is a social bookmarking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input passed via the URI to the "tags.php" script. SemanticScuttle versions prior to 0.95.2 and 0.94.2 are affected. Ref: http://semanticscuttle.svn.sourceforge.net/viewvc/semanticscuttle/branches/0.95.2/doc/ChangeLog?revision=602&view=markup&pathrev=602
  • 10.4.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FreePBX "config.php" SQL Injection
  • Description: FreePBX is a web-based configuration tool for the open source Asterisk PBX. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "extdisplay" parameter of the "config.php" script before using it in an SQL query. FreePBX version 2.5.1 is affected.
  • Ref: http://www.freepbx.org/trac/changeset/7640
  • 10.4.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin "misc.php" SQL Injection
  • Description: vBulletin is a content manager. vBulletin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter of the "misc.php" script before using it in an SQL query. vBulletin version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37854
  • 10.4.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VisualShapers ezContents Authentication Bypass and Multiple SQL Injection Vulnerabilities
  • Description: ezContents is a content manager. The application is exposed to multiple input validation issues. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ezContents version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37858
  • 10.4.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MySmartBB Multiple SQL Injection Vulnerabilities
  • Description: MySmartBB is a bulletin board application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. MySmartBB version 1.7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37863
  • 10.4.77 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Photo Book Unspecified Directory Traversal
  • Description: Photo Book ("goof_fotoboek") is a module for the TYPO3 content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Photo Book versions 1.7.14 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.78 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 kiddog_mysqldumper Unspecified Information Disclosure
  • Description: TYPO3 kiddog_mysqldumper is an extension for the TYPO3 content manager. The extension is exposed to an unspecified information disclosure issue. kiddog_mysqldumper versions 0.0.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.79 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 SB Folderdownload Unspecified Information Disclosure
  • Description: SB Folderdownload ("sb_folderdownload") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified information disclosure issue. SB Folderdownload version 0.2.2 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.80 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 TT_Products editor (ttpedit) Unspecified SQL Injection
  • Description: TT_Products editor (ttpedit) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. TT_Products editor versions 0.0.2 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.81 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 TV21 Talkshow Extension Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: TYPO3 TV21 Talkshow ("tv21_talkshow") is an extension for the TYPO3 content manager. The extension is exposed to a cross-site scripting issue and an SQL injection issue because it fails to properly sanitize user-supplied input. TV21 Talkshow versions 1.0.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Node Block Module "Title" HTML Injection
  • Description: Node Block is a Drupal module that allows users to specify content types as being a block. The module is exposed to an HTML injection issue because it fails to properly sanitize the "titles" field.
  • Ref: http://www.securityfocus.com/archive/1/508933
  • 10.4.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Own Term Module "term description" Field HTML Injection
  • Description: Own Term is a module for the Drupal content manager. The module allows users to create taxonomy terms in a designated vocabulary. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "term description" field of the "term listing" page. Own Term versions prior to 6.x-1.1 are affected.
  • Ref: http://drupal.org/node/683576
  • 10.4.84 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Vote rank for news Extension Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: TYPO3 "Vote rank for news" ("'vote_for_tt_news") is an extension for the TYPO3 content manager. The extension is exposed to a cross-site scripting issue and an SQL injection issue because it fails to properly sanitize user-supplied input. Vote rank for news versions 1.0.1 and earlier affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
  • 10.4.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Bibliography Module HTML Injection
  • Description: Bibliography is a PHP-based component for the Drupal content manager. Drupal Bibliography module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Bibliography module versions 5.x-1.17 and earlier as well as 6.x-1.9 and earlier are affected.
  • Ref: http://drupal.org/node/683786
  • 10.4.86 - CVE: Not Available
  • Platform: Web Application
  • Title: DokuWiki "ajax.php" Multiple Security Bypass Vulnerabilities
  • Description: DokuWiki is a PHP-based wiki application. The application is exposed to multiple security bypass issues because it fails to adequately authenticate users before performing certain actions. Specifically, unauthenticated attackers can change or delete wiki permissions via the "cmd[save]", "cmd[del]", and "cmd[update]" parameters of the "lib/plugins/acl/ajax.php" script.
  • Ref: http://www.securityfocus.com/bid/37820
  • 10.4.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokuwiki File Enumeration Information Disclosure
  • Description: Dokuwiki is a PHP-based wiki application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "ns" parameter of the "ajax.php" script. This can allow an attacker to enumerate file names but not the contents of the files.
  • Ref: http://www.securityfocus.com/bid/37821
  • 10.4.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Testlink Multiple Unspecified Directory Traversal Vulnerabilities
  • Description: TestLink is a PHP-based testing suite. The application is exposed to multiple unspecified directory traversal issues because it fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory traversal characters ("../") to retrieve arbitrary files from the affected system in the context of the application.
  • Ref: http://www.securityfocus.com/bid/37824
  • 10.4.89 - CVE: Not Available
  • Platform: Web Application
  • Title: LetoDMS "lang" Parameter Local File Include
  • Description: LetoDMS (formerly known as MyDMS) is a PHP-based document manager. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "lang" parameter of the "op/op.Login.php" script. LetoDMS version 1.7.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508947
  • 10.4.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Php-residence "template_data_dir" Parameter Multiple Local File Include Vulnerabilities
  • Description: Php-residence is a web-based application for tracking rentals of rooms and apartments. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Php-residence version 0.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37837
  • 10.4.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_uploader" Component Arbitrary File Upload
  • Description: The "com_uploader" application is a PHP-based component for the Joomla! content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading the file to the web server through the "uploadimage.php" script.
  • Ref: http://www.securityfocus.com/bid/37840
  • 10.4.92 - CVE: Not Available
  • Platform: Web Application
  • Title: FreePBX "admin/config.php" Password Information Disclosure
  • Description: FreePBX is a web-based configuration tool for the open-source Asterisk PBX. The application is exposed to an information disclosure issue. Specifically, authenticated attackers who can access the "admin/config.php" script can view password data for other administrator accounts. FreePBX versions prior to 2.6 are affected. Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0335.html
  • 10.4.93 - CVE: Not Available
  • Platform: Web Application
  • Title: FreePBX Inbound Route Description HTML Injection
  • Description: FreePBX is a web-based configuration tool for the open-source Asterisk PBX. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, the issue may be triggered via a specially-crafted "Inbound Route" description. FreePBX versions 2.5.x and 2.6.0 are affected. Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0336.html
  • 10.4.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Datalife Engine Multiple Remote File Include Vulnerabilities
  • Description: Datalife Engine is a content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Datalife Engine version 8.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37851
  • 10.4.95 - CVE: Not Available
  • Platform: Web Application
  • Title: MoinMoin Unspecified Information Disclosure
  • Description: MoinMoin is a freely available, open-source wiki written in Python. MoinMoin is exposed to an unspecified information disclosure issue that arises when the application handles data passed through "sys.argv". MoinMoin version 1.9.0 is affected.
  • Ref: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
  • 10.4.96 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMySport Information Disclosure and SQL Injection Vulnerabilities
  • Description: phpMySport is a PHP-based application. The application is exposed to multiple security issues. An information disclosure issue occurs in the File manager. Multiple SQL injection issues occur because the application fails to properly sanitize input to the "v1" and "v2" parameters of the "index.php" script before using them in SQL queries. phpMySport version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/37856
  • 10.4.97 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Arbitrary File Deletion and HTTP Header Injection Vulnerabilities
  • Description: XOOPS is a PHP-based content manager. XOOPS is exposed to multiple issues. An arbitrary file deletion vulnerability occurs because the application fails to sufficiently sanitize user-supplied data passed via the "old_smile" parameter before using it in a call to the "unlink()" PHP function. An HTTP header injection issue occurs because the application fails to sufficiently sanitize user-supplied data passed via the "xoops_redirect" parameter before using it to construct a "Location" HTTP header. XOOPS version 2.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509034
  • 10.4.98 - CVE: CVE-2009-4605
  • Platform: Web Application
  • Title: phpMyAdmin "unserialize()" Remote Code Execution
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to an issue that lets attackers execute arbitrary files. The issue occurs because the application fails to sanitize user-supplied data passed to the "unserialize()" function. phpMyAdmin versions prior to 3.0.0 or 2.11.10 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
  • 10.4.99 - CVE: CVE-2009-4000
  • Platform: Web Application
  • Title: HP Power Manager "formExportDataLogs" Directory Traversal Remote Code Execution
  • Description: HP Power Manager is a web-based application to manage an HP UPS. HP Power Manager is exposed to a remote code execution issue because it fails to properly validate user-supplied data. Specifically, the "fileName" parameter passed to "/goform/formExportDataLogs" can be used to overwrite arbitrary files using directory traversal techniques. Power Manager versions prior to 4.2.10 are affected.
  • Ref: http://www.securityfocus.com/archive/1/509042
  • 10.4.100 - CVE: CVE-2009-3739
  • Platform: Network Device
  • Title: MicroLogix 1100 and 1400 Controllers Multiple Unspecified Vulnerabilities
  • Description: MicroLogix 1100 and 1400 Controllers are gateway SCADA devices. The devices are exposed to multiple unspecified issues. Attackers may exploit these issues to gain unauthorized access to the process logic controllers (PLC). Successful exploits will result in a denial of service condition and allow attackers to compromise affected devices.
  • Ref: http://www.securityfocus.com/archive/1/508946
  • 10.4.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Novatel Wireless MiFi Mobile Hotspot Multiple Remote Vulnerabilities
  • Description: Novatel Wireless MiFi is a mobile hotspot used to access the internet from wifi enabled devices. The device is exposed to multiple remote issues. The web-based management interface fails to require authentication. The device fails to properly encode user input when displaying it back to a user. The web-based interface is exposed to cross-site request forgery attacks because it fails to validate referrer headers. An information disclosure weakness allows attackers to enable GPS and obtain the geographical location of users.
  • Ref: http://www.securityfocus.com/archive/1/508948

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

SANS courses bring the best of the best to one place to learn cutting edge information.
-Jeremy Baca, LMIT at Sandia National Labs

SANS San Diego 2013

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"As a security professional, this info is foundational to do a competent job, let alone be successful."
- Michael Foster, Providence Health & Security

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU