
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 40
September 30, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus:

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Windows                                   1
Third Party Windows Apps                  4
Linux                                     1
Unix                                      1
Cross Platform                            15 (#1)
Web Application - Cross Site Scripting    7
Web Application - SQL Injection           9
Web Application                           6
Network Device                            1

*********************** Sponsored By SANS *************************

Special Webcast in Conjunction with SANS 2010 EU SCADA and Process Control Summit!

Smart Grid: New Sweet Spot for Criminals and Terrorists Tuesday, October 19, 1 PM EST

As energy providers move to more open, public-facing Smart Grid technologies, the integrated fabric of our most critical infrastructure is already under attack. Learn how to plug the gaps between legacy SCADA control systems using 21st-Century security technologies, with experts Jonathan Pollet, founder of infrastructure consulting firm, RedTiger, and Eric D. Knapp, director of critical infrastructure technologies at NitroSecurity.

Sign in at your SANS Portal Account or follow the link, here: http://www.sans.org/info/65263
******************************************************************

TRAINING UPDATE

New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10): http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

-- SOS: SANS October Singapore, October 4-11, 2010
   7 courses
   http://www.sans.org/singapore-sos-2010/

-- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010
   6 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security and Examining the Global Underground of Malicious Actors
   http://www.sans.org/chicago-2010/night.php

-- SANS San Francisco 2010, November 5-12, 2010
   7 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security
   http://www.sans.org/san-francisco-2010/

-- SANS London 2010, November 27-December 6, 2010
   14 courses. Bonus evening presentations include Latest Advances in Computer Forensics and Continuous Vulnerability Testing and Remediation: The 20 Critical Security Controls Perspective
   http://www.sans.org/london-2010/

-- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010
   24 courses. Bonus evening presentations include Browser Based Defenses; Continuous Vulnerability Testing and Remediation: the 20 Critical Security Controls Perspective; and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Efforts
   http://www.sans.org/cyber-defense-initiative-2010/

-- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus London, Dubai, Geneva, Bangalore, San Antonio and Sydney all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
*********************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Windows
    Third Party Windows Apps
    Linux
    Unix
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device

    ************************ Sponsored Links: ************************

    1) REGISTER NOW for the upcoming Tool Talk Webcast: Magic Numbers: An In-depth guide to the five key metrics for application security, Sponsored By HP http://www.sans.org/info/65268

    2) November marks several important reasons to visit San Francisco: mild weather, crabs, and the last West Coast SANS conference of the year - SANS San Francisco 2010! Featured courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and this is your last opportunity to get these courses while experiencing a major SANS West Coast event this year! http://www.sans.org/info/65273
    ******************************************************************

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

    Widely Deployed Software
    • (1) HIGH: Google Chrome Multiple Vulnerabilities
    • Affected:
      • Google Chrome prior to 6.0.472.62
    • Description: Google has released a patch for multiple security vulnerabilities affecting its browser, Google Chrome. Two of the vulnerabilities may leave a target vulnerable to remote code execution: a bad cast when handling malformed SVG objects and buffer mismanagement in the SPDY protocol. Further details are unavailable. Google Chrome automatically updates when new security patches are detected.

    • Status: vendor confirmed, updates available

    • References:
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 40, 2010

    Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10237 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 10.40.1 - CVE: Not Available
    • Platform: Windows
    • Title: Microsoft Internet Information Services Remote Script Code Execution Issue
    • Description: Microsoft Internet Information Services (IIS) is exposed to an issue that lets attackers execute arbitrary code. The problem occurs because IIS fails to properly sanitize user-supplied input when parsing directory names. Microsoft IIS version 6.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43561

    • 10.40.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Weird Solutions TFTP Desktop Directory Traversal Issue
    • Description: Weird Solutions TFTP Desktop is a TFTP server for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory traversal sequences ("../") to retrieve arbitrary files in the context of the application. Weird Solutions TFTP Desktop version 2.5 is affected.
    • Ref: http://www.securityfocus.com/bid/42907

    • 10.40.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: iWorkstation ".pls" File Buffer Overflow Issue
    • Description: iWorkstation is an audio converter. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".pls" file. iWorkstation version 9.3.2.1.4 is affected.
    • Ref: http://www.securityfocus.com/bid/43530

    • 10.40.4 - CVE: CVE-2009-3536
    • Platform: Third Party Windows Apps
    • Title: EpicDJSoftware EpicVJ ".mpl" and ".m3u" File Buffer Overflow Issue
    • Description: EpicDJSoftware EpicVJ is a multimedia application available for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. EpicDJSoftware EpicVJ version 1.2.8.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43473

    • 10.40.5 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Zortam Mp3 Media Studio Multiple Memory Corruption Vulnerabilities
    • Description: Zortam Mp3 Media Studio is a multimedia application available for Microsoft Windows. The application is exposed to multiple memory corruption issues because it fails to properly handle specially crafted ".m3u" files and ".mp3" files with exceptionally long ID3 tags. Zortam Mp3 Media Studio version 9.40 is affected.
    • Ref: http://www.securityfocus.com/bid/43532

    • 10.40.6 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel "PKT_CTRL_CMD_STATUS" Invalid Pointer Dereference Denial of Service Issue
    • Description: The Linux kernel is exposed to an invalid pointer dereference denial of service issue. An attacker with permissions to open "/dev/pktcdvd/control" can exploit this issue to read arbitrary kernel memory or cause the kernel to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible; this has not been confirmed.
    • Ref: http://www.securityfocus.com/bid/43551

    • 10.40.7 - CVE: Not Available
    • Platform: Unix
    • Title: stftp (simple terminal FTP) "PWD" Response Remote Stack Buffer Overflow
    • Description: stftp (simple terminal FTP) is an FTP client for UNIX and UNIX like systems. The application is exposed to a stack-based buffer overflow issue because it fails to properly validate the "PWD" response in FTP connections before copying it into an insufficiently sized buffer. stftp version 1.1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43442

    • 10.40.8 - CVE: Not Available
    • Platform: Cross Platform
    • Title: LEADTOOLS Imaging Common Dialogs ActiveX Control Multiple Memory Corruption Issues
    • Description: LEADTOOLS Imaging Common Dialogs is an ActiveX control. The application is exposed to multiple memory corruption issues. LEADTOOLS Imaging Common Dialogs version 16.5 is affected.
    • Ref: http://www.leadtools.com/sdk/common-dialog/default.htm

    • 10.40.9 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Gentoo python updater "sys.path" Search Path Local Privilege Escalation Issue
    • Description: Gentoo python updater is exposed to a local privilege escalation issue. python-updater versions prior to 0.7-r1 are affected.
    • Ref: http://www.securityfocus.com/bid/43385

    • 10.40.10 - CVE: CVE-2006-7241
    • Platform: Cross Platform
    • Title: IBM FileNet Application Engine Image Viewer Component ACL Security Bypass Issue
    • Description: IBM FileNet Application Engine is exposed to a security bypass issue because it fails to properly handle Access Control Lists. IBM FileNet Application Engine versions prior to 3.5.1-002 are affected.
    • Ref: http://www.securityfocus.com/bid/43389

    • 10.40.11 - CVE: Not Available
    • Platform: Cross Platform
    • Title: RarCrack "filename" Buffer Overflow Issue
    • Description: RarCrack is a password cracker for compressed archives. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when the application processes a file with an overly large name. RarCrack version 0.2 is affected.
    • Ref: http://www.securityfocus.com/bid/43346

    • 10.40.12 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Fly Help ".CHM" File Remote Buffer Overflow
    • Description: Fly Help is an application for generating online help files. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".CHM" file.
    • Ref: http://www.securityfocus.com/bid/43447

    • 10.40.13 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Collaborative Passwords Manager (cPassMan) Multiple Local File Include Issues
    • Description: cPassMan is a web-based password manager application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "_SESSION[user_language]" parameter of the "admin.queries.php", "functions.queries.php", "views.queries.php", "groups.queries.php", and "items.queries.php" scripts. cPassMan version 1.07 is affected.
    • Ref: http://www.securityfocus.com/bid/43466

    • 10.40.14 - CVE: CVE-2010-3282
    • Platform: Cross Platform
    • Title: HP-UX Directory Server and Red Hat Directory Server for HP-UX Local Unspecified Issue
    • Description: HP-UX Directory Server and Red Hat Directory Server for HP-UX are exposed to an unspecified local issue. The following are affected: HP-UX B.11.11, B.11.23 and B.11.31 running HP-UX Directory Server versions B.08.10.02 and prior, and Red Hat Directory Server for HP-UX versions B.08.00.01 and prior.
    • Ref: http://www.securityfocus.com/bid/43469

    • 10.40.15 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Fox Audio Player ".m3u" File Buffer Overflow Issue
    • Description: Fox Audio Player is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Fox Audio Player version 0.8.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43521

    • 10.40.16 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Sguil Database Remote Denial of Service Issue
    • Description: Sguil is an application for monitoring network traffic. The application is exposed to a remote denial of service issue because it fails to properly sanitize input to the database.
    • Ref: http://www.securityfocus.com/bid/43528


    • 10.40.18 - CVE: CVE-2010-1814, CVE-2010-1811, CVE-2010-1817, CVE-2010-1781, CVE-2010-1815, CVE-2010-1812, CVE-2010-1809, CVE-2010-1810, CVE-2010-1813
    • Platform: Cross Platform
    • Title: WebKit for Apple iPhone/iPod touch Form Menus Memory Corruption
    • Description: WebKit is a browser framework used in multiple applications, including Apple Safari. Apple iOS is the operating platform for the iPhone and iPod touch. The platform is exposed to multiple issues. A memory corruption issue affects the "WebKit" and "ImageIO" components when handling form menus. A buffer overflow issue affects the "ImageIO" component. A remote code execution issue affects the WebKit component due to a double-free issue. iOS 2.0 through 4.0.2 for iPhone 3G and later and iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later are affected.
    • Ref: http://www.apple.com/iphone/software-update/

    • 10.40.19 - CVE: CVE-2010-2835
    • Platform: Cross Platform
    • Title: Cisco IOS And Unified Communications Manager Denial of Service Issue
    • Description: Cisco IOS and Unified Communications Manager are exposed to a denial of service issue when handling specially crafted SIP messages. This issue can be exploited by sending specially crafted SIP messages to TCP or UDP ports 5060 or 5061.
    • Ref: http://www.securityfocus.com/archive/1/513898

    • 10.40.20 - CVE: CVE-2010-2834
    • Platform: Cross Platform
    • Title: Cisco IOS And Unified Communications Manager Denial of Service Issue
    • Description: Cisco IOS and Unified Communications Manager are exposed to a denial of service issue. This issue is tracked by Cisco Bug IDs CSCtf14987 and CSCtf72678.
    • Ref: http://www.securityfocus.com/bid/43394

    • 10.40.21 - CVE: Not Available
    • Platform: Cross Platform
    • Title: SAP Management Console NULL Pointer Dereference Denial of Service Issue
    • Description: SAP Management Console is exposed to a denial of service issue. SAP Management Console versions 6.40, 7.00 and 7.10 are affected.
    • Ref: http://www.securityfocus.com/bid/43548

    • 10.40.22 - CVE: CVE-2010-3434
    • Platform: Cross Platform
    • Title: ClamAV "find_stream_bounds()" PDF File Processing Denial of Service Issue
    • Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. ClamAV is exposed to a denial of service issue because it fails to properly handle specially crafted PDF files. Specifically, the issue occurs because of insufficient bounds checks on PDF files in the "find_stream_bounds()" function of the "libclamav/pdf.c" source file. ClamAV version 0.96.2 is affected.
    • Ref: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226

    • 10.40.23 - CVE: CVE-2009-3512
    • Platform: Web Application - Cross Site Scripting
    • Title: MyWeight Multiple Cross-Site Scripting Vulnerabilities
    • Description: MyWeight is a web-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. phplemon MyWeight version 1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43488/references

    • 10.40.24 - CVE: CVE-2009-3599
    • Platform: Web Application - Cross Site Scripting
    • Title: FreeWebScriptz HUBScript "single_winner1.php" Cross-Site Scripting
    • Description: HUBScript is a PHP-based online auction application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "bid_id" parameter of the "single_winner1.php" script. FreeWebScriptz HUBScript version V1 is affected.
    • Ref: http://www.securityfocus.com/bid/43474

    • 10.40.25 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: RadAFFILIATE Links "index.php" Cross-Site Scripting
    • Description: RadAFFILIATE Links is a web application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "feat" parameter of the "index.php" script.
    • Ref: http://www.securityfocus.com/bid/43459

    • 10.40.26 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Tiki Wiki CMS Groupware Local File Include and Cross-Site Scripting Vulnerabilities
    • Description: Tiki Wiki CMS Groupware is a PHP-based database management application. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. 1) A local file include issue that affects the "language" parameter of the "tiki-jsplugin.php" script. 2) A cross-site scripting issue that affects the "type" parameter of the "tiki-edit_wiki_section.php" script. Tiki Wiki CMS Groupware version 5.2 is affected.
    • Ref: http://www.johnleitch.net/Vulnerabilities/Tiki.Wiki.CMS.Groupware.5.2.Reflected.Cross-site.Scripting/44

    • 10.40.27 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: MySITE SQL Injection and Cross-Site Scripting Vulnerabilities
    • Description: MySITE is a PHP-based content management application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. 1) A cross-site scripting issue that affects the "query" parameter in the "portal/modules.php" script. 2) A SQL injection issue that affects the "pid" parameter of the "print.php" script.
    • Ref: http://www.securityfocus.com/archive/1/513968

    • 10.40.28 - CVE: CVE-2009-2588
    • Platform: Web Application - Cross Site Scripting
    • Title: Hotscripts Type PHP Clone Script "msg" Parameter Multiple Cross-Site Scripting Vulnerabilities
    • Description: Hotscripts Type PHP Clone Script is an application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data.
    • Ref: http://www.securityfocus.com/bid/43519

    • 10.40.29 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: phpMyFAQ "index.php" Cross-Site Scripting Issue
    • Description: phpMyFAQ is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. phpMyFAQ versions prior to 2.6.9 are affected.
    • Ref: http://www.securityfocus.com/bid/43560

    • 10.40.30 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: TYPO3 Commenting system Backend Module Unspecified SQL Injection issue
    • Description: Commenting system Backend Module "commentsbe" is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Commenting system Backend Module 0.0.2 and prior are affected.
    • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/

    • 10.40.31 - CVE: CVE-2009-3150
    • Platform: Web Application - SQL Injection
    • Title: Multi Website "Browse" Parameter SQL Injection Issue
    • Description: Multi Website is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, this issue affects the "Browse" parameter when the "action" parameter is set to "vote". Multi Website version 1.5 is affected.
    • Ref: http://www.securityfocus.com/bid/43243

    • 10.40.32 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Blog Ink (Blink) Multiple SQL Injection Issues
    • Description: Blog Ink (Blink) is a PHP-based blog system. The application is exposed to multiple SQL injection issues because the "db.php" script fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "login.php" script.
    • Ref: http://www.securityfocus.com/bid/43284

    • 10.40.33 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: APBook Admin Login Multiple SQL Injection Vulnerabilities
    • Description: APBook is a PHP-based guestbook application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the "admin/index.php" script. APBook version 1.3.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43452

    • 10.40.34 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: NetArt Media Car Portal "car" Parameter SQL Injection
    • Description: Car Portal is a web-based portal for automobile classifieds. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "car" parameter of the "index.php" script before using it in an SQL query. Car Portal version 2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43536

    • 10.40.35 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: JE CMS Multiple SQL Injection Issues
    • Description: JE CMS is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. JE CMS version 1.0.0 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43541

    • 10.40.36 - CVE: CVE-2009-3595
    • Platform: Web Application - SQL Injection
    • Title: VS Panel "results.php" SQL Injection Issue
    • Description: VS Panel is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. VS Panel version 7.5.5 is affected.
    • Ref: http://www.securityfocus.com/bid/43545

    • 10.40.37 - CVE: CVE-2009-4561
    • Platform: Web Application - SQL Injection
    • Title: WebLeague Multiple SQL Injection Issues
    • Description: WebLeague is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the "Admin/index.php" script. WebLeague version 2.2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43557

    • 10.40.38 - CVE: CVE-2009-4560
    • Platform: Web Application - SQL Injection
    • Title: WebLeague "profile.php" SQL Injection
    • Description: WebLeague is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "name" parameter of the "profile.php" script before using it in an SQL query. WebLeague version 2.2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43558

    • 10.40.39 - CVE: Not Available
    • Platform: Web Application
    • Title: Pixelpost Cross-Site-Scripting and SQL Injection Issues
    • Description: Pixelpost is a PHP-based image sharing application. The application is exposed to multiple security issues. Pixelpost versions prior to 1.7.3 are affected.
    • Ref: http://www.securityfocus.com/bid/43300

    • 10.40.40 - CVE: Not Available
    • Platform: Web Application
    • Title: phplemon MyWeight "user_photo.php" Arbitrary File Upload Issue
    • Description: phplemon MyWeight is a PHP-based web application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "user_photo.php" script.
    • Ref: http://www.securityfocus.com/bid/43086/references

    • 10.40.41 - CVE: CVE-2009-4626
    • Platform: Web Application
    • Title: phpNagios "menu.php" Local File Include Issue
    • Description: phpNagios is a PHP-based application used to configure Nagios. phpNagios is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "conf[lang]" parameter of the "menu.php" script. phpNagios version 1.2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/42927/references

    • 10.40.42 - CVE: Not Available
    • Platform: Web Application
    • Title: AtomatiCMS "fckeditor" Multiple Arbitrary File Upload Vulnerabilities
    • Description: AtomatiCMS is an ASP-based content manager. The application is exposed to multiple arbitrary file upload issues because it fails to properly sanitize user-supplied input. AtomatiCMS 10_all is vulnerable; other versions may also be affected.
    • Ref: http://www.exploit-db.com/exploits/15139/

    • 10.40.43 - CVE: Not Available
    • Platform: Web Application
    • Title: Achievo Time Registration Module "dispatch.php" Security Bypass Issue
    • Description: Achievo is a web-based resource management tool. The application is exposed to a security bypass issue that affects the Time Registration module. Specifically, user-supplied data provided through the "person.id" or "hoursbase.id" parameters in the "dispatch.php" script is not properly validated prior to performing certain actions. Achievo versions prior to 1.4.5 are affected.
    • Ref: http://www.securityfocus.com/bid/43544

    • 10.40.44 - CVE: Not Available
    • Platform: Web Application
    • Title: Micro CMS "name" Field HTML Injection
    • Description: Micro CMS is a PHP-based content management system. Micro CMS is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied data passed through the "name" field when posting comments to the "comments/send" directory before using it in dynamically generated content. Micro CMS version 1.0 beta 1 is affected.
    • Ref: http://www.securityfocus.com/bid/43556

    • 10.40.45 - CVE: Not Available
    • Platform: Network Device
    • Title: 3Com H3C S9500E Switches Denial of Service Issue
    • Description: 3Com H3C S9500E is a series of core routing switches. The devices are exposed to a denial of service issue when handling specially crafted SNMP requests. Specifically, the issue occurs when an attacker sends an SNMP request for the "hh3cAclIPAclBasicCount" MIB to a device configured with many ACL rules (around 8,000). 3Com H3C S9500E switches running version S9500E-CMW520-R1233 are affected.
    • Ref: http://support.3com.com/documents/H3C/switches/9500/H3C_S9500E_CMW5.20.R1233P01_Release_Notes.pdf

    (c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/