
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 41
October 7, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                Number of Updates and Vulnerabilities
    - ------------------------------------  -------------------------------------
    Third Party Windows Apps                 3 (#2)
    Linux                                    4
    Novell                                   2
    Cross Platform                          21 (#1)
    Web Application - Cross Site Scripting   9
    Web Application - SQL Injection         10
    Web Application                          9
    Network Device                           2

************************* Sponsored By SANS ***********************

Special Webcast in Conjunction with SANS 2010 EU SCADA and Process Control Summit!

Smart Grid: New Sweet Spot for Criminals and Terrorists Tuesday, October 19, 1 PM EST

As energy providers move to more open, public-facing Smart Grid technologies, the integrated fabric of our most critical infrastructure is already under attack. Learn how to plug the gaps between legacy SCADA control systems using 21st-Century security technologies, with experts Jonathan Pollet, founder of infrastructure consulting firm, RedTiger, and Eric D. Knapp, director of critical infrastructure technologies at NitroSecurity.

Sign in at your SANS Portal Account or follow the link, here: http://www.sans.org/info/65458
******************************************************************

TRAINING UPDATE

New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Course debut in Las Vegas (Sept'10) and Washington DC (Dec'10): http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

- -- SOS: SANS October Singapore, October 4-11, 2010, 7 courses
http://www.sans.org/singapore-sos-2010/

- -- SANS Chicago 2010, Skokie, Illinois, October 25-30, 2010, 6 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security and Examining the Global Underground of Malicious Actors
http://www.sans.org/chicago-2010/night.php

- -- SANS San Francisco 2010, November 5-12, 2010, 7 courses. Bonus evening presentations include Weaponizing LISP: Advancing the Art of Network Security
http://www.sans.org/san-francisco-2010/

- -- SANS London 2010, November 27-December 6, 2010, 14 courses. Bonus evening presentations include Latest Advances in Computer Forensics and Continuous Vulnerability Testing and Remediation: The 20 Critical Security Controls Perspective
http://www.sans.org/london-2010/

- -- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010, 24 courses. Bonus evening presentations include Browser Based Defenses; Continuous Vulnerability Testing and Remediation: the 20 Critical Security Controls Perspective; and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/

- -- SANS Security East 2011, New Orleans, LA, January 20-27, 2011, 12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments and Future Trends in Network Security
http://www.sans.org/security-east-2011/

- -- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Dubai, San Antonio, Geneva, Bangalore, and Sydney all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
*********************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Linux
    Novell
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device

    ************************ Sponsored Links: ************************

    1) Check Out the WhatWorks in Implementing the 20 Critical Security Controls & Cyber Attack Threat Map at http://www.sans.org/info/65463

    To get your free vendor-sponsored whitepapers, visit https://portal.sans.org/tools.php

    ******************************************************************

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

    Widely Deployed Software
    • (2) MODERATE: Foxit Reader Title Parsing Buffer Overflow Exploit
    • Affected:
      • Foxit Reader Prior to 4.2
    • Description: Foxit Software has released a patch for a buffer overflow vulnerability in Foxit Reader, a PDF reader for multiple platforms. When a vulnerable version opens a PDF whose document title is longer than 512 bytes, the title overruns a fixed-size buffer and the reader crashes; with a carefully constructed title the overflow is exploitable rather than merely a crash. By enticing a target to open a malicious PDF file, an attacker can execute arbitrary code with the privileges of the currently logged-in user. Update to Foxit Reader 4.2 or later.

    • Status: vendor confirmed, updates available

    • References:
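The trigger condition above (a PDF title longer than 512 bytes) is easy to check for at the mail gateway or in a forensic triage script. The following is an added example written for this bulletin, not Foxit or TippingPoint code: it constructs a minimal PDF whose Info dictionary carries a chosen /Title, then scans PDF bytes for oversized /Title values. The 512-byte threshold comes from the description; the scanner itself, its function names and the sample PDF layout are assumptions made for the demonstration.

```python
import re

TITLE_LIMIT = 512  # the threshold named in the advisory text above


def build_pdf(title: bytes) -> bytes:
    """Constructed sample: a minimal single-page PDF whose Info dictionary
    carries the given /Title as a PDF literal string. The xref table is
    omitted (most readers tolerate that); it is enough to exercise a scanner."""
    escaped = title.replace(b"\\", b"\\\\").replace(b"(", b"\\(").replace(b")", b"\\)")
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj\n"
        b"4 0 obj << /Title (" + escaped + b") /Producer (constructed-sample) >> endobj\n"
        b"trailer << /Root 1 0 R /Info 4 0 R >>\n"
        b"%%EOF\n"
    )


def _literal_string_len(data: bytes, start: int) -> int:
    """Byte length of the PDF literal string whose '(' is at data[start].
    Handles balanced nested parentheses and backslash escapes; every escape
    is counted as one byte, which is an approximation for \\ddd octal escapes."""
    depth, n, i = 0, 0, start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2
            n += 1
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                n += 1
        elif c == b")":
            depth -= 1
            if depth == 0:
                return n
            n += 1
        else:
            n += 1
        i += 1
    return n  # unterminated string: report what was seen


def title_lengths(data: bytes) -> list:
    """Decoded byte length of every /Title value in the uncompressed PDF
    syntax, whether written as a literal '(...)' or a hex '<...>' string."""
    lengths = []
    for m in re.finditer(rb"/Title\s*", data):
        pos = m.end()
        head = data[pos:pos + 1]
        if head == b"(":
            lengths.append(_literal_string_len(data, pos))
        elif head == b"<":
            end = data.find(b">", pos)
            if end != -1:
                hexdigits = re.sub(rb"\s", b"", data[pos + 1:end])
                lengths.append((len(hexdigits) + 1) // 2)
    return lengths


def oversized_titles(data: bytes, limit: int = TITLE_LIMIT) -> list:
    """Lengths of /Title values longer than limit. A non-empty result means
    the file matches the trigger condition and deserves a closer look."""
    return [n for n in title_lengths(data) if n > limit]


if __name__ == "__main__":
    benign = build_pdf(b"Quarterly report")
    suspicious = build_pdf(b"A" * 600)
    print("benign:", oversized_titles(benign))          # []
    print("suspicious:", oversized_titles(suspicious))  # [600]
```

The scanner only sees titles written in plain object syntax; a title stored inside a compressed object stream (PDF 1.5+) or in an XMP metadata stream would have to be inflated first, so treat an empty result as "nothing found in the visible syntax", not as a clean bill of health.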
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 41, 2010

    Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com). This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week, Qualys scans for 10265 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 10.41.1 - CVE: CVE-2009-3808
    • Platform: Third Party Windows Apps
    • Title: MixSense DJ Studio ".mp3" File Remote Buffer Overflow Issue
    • Description: MixSense DJ Studio is a media player for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".mp3" file. MixSense DJ Studio version 1.0.0.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43568

    • 10.41.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Mp3-Nator ".dat" File Remote Buffer Overflow Issue
    • Description: Mp3-Nator is a multimedia application available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".dat" file. Mp3-Nator 2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43668

    • 10.41.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Hanso Player ".m3u" File Remote Buffer Overflow Issue
    • Description: Hanso Player is an audio player available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".m3u" file. Hanso Player version 1.3.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43683

    • 10.41.4 - CVE: CVE-2010-2938
    • Platform: Linux
    • Title: Linux Kernel Xen Hypervisor Implementation Denial of Service Issue
    • Description: Xen is an open source hypervisor (virtual machine monitor). The Linux kernel is exposed to a denial of service issue caused by an error in its Xen support code when dumping information about a crashing, fully virtualized guest.
    • Ref: http://www.securityfocus.com/bid/43578


    • 10.41.6 - CVE: CVE-2010-3079
    • Platform: Linux
    • Title: Linux Kernel "set_ftrace_filter" File Local Denial of Service
    • Description: The Linux kernel is exposed to a local denial of service issue affecting file descriptors associated with the "set_ftrace_filter" file. The Linux kernel with "ftrace.c" before 2.6.35.5 is affected.
    • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=631623

    • 10.41.7 - CVE: Not Available
    • Platform: Linux
    • Title: Linux Kernel SCTP HMAC Handling Memory Corruption Issue
    • Description: The Linux kernel is exposed to a memory corruption issue that may allow attackers to trigger a denial of service. Specifically, this issue occurs in "sctp_auth_asoc_get_hmac()" when parsing supported HMAC authentication options of a peer.
    • Ref: http://www.securityfocus.com/bid/43701

    • 10.41.8 - CVE: Not Available
    • Platform: Novell
    • Title: Novell iManager "getMultiPartParameters()" Arbitrary File Upload Issue
    • Description: Novell iManager is a web-based management portal for various Novell products. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Specifically, the "getMultiPartParameters()" function fails to validate uploaded files. Novell iManager version 2.7.3.2 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43635

    • 10.41.9 - CVE: Not Available
    • Platform: Novell
    • Title: Novell eDirectory Server Malformed Index Denial of Service Issue
    • Description: Novell eDirectory is a directory service that is used to centrally manage computer resources on a network. Novell eDirectory is exposed to a denial of service issue that affects the Server's NCP implementation, which binds to TCP Port 524 by default. Novell eDirectory versions prior to 8.8.5 ftf3 are affected.
    • Ref: http://www.securityfocus.com/bid/43662

    • 10.41.10 - CVE: CVE-2010-0218
    • Platform: Cross Platform
    • Title: ISC BIND Denial of Service and Security Bypass
    • Description: ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols. ISC BIND is exposed to two issues: a denial of service issue, and a security bypass issue that lets clients access the cache via recursion even when an ACL is configured to restrict it. ISC BIND versions 9.7.2 through 9.7.2-P1 are affected.
    • Ref: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html

    • 10.41.11 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Opera Web Browser Multiple Security Issues
    • Description: Opera is a cross-platform web browser. The application is exposed to multiple security issues because it fails to properly sanitize user-supplied input. Opera 10.62 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43607

    • 10.41.12 - CVE: CVE-2009-3857
    • Platform: Cross Platform
    • Title: SciTE ".rb" File Buffer Overflow Issue
    • Description: SciTE is a source code editor. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".rb" source code file. SciTE version 1.72 is affected.
    • Ref: http://www.securityfocus.com/bid/43612

    • 10.41.13 - CVE: Not Available
    • Platform: Cross Platform
    • Title: IBM DB2 prior to 9.5 Fix Pack 6a Unspecified Buffer Overflow
    • Description: IBM DB2 is a database manager. IBM DB2 is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. IBM DB2 versions prior to 9.5 Fix Pack 6a are affected.
    • Ref: ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

    • 10.41.14 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Apache XML-RPC SAX Parser Information Disclosure Issue
    • Description: Apache XML-RPC is a Java-based implementation of the XML-RPC protocol. It is exposed to an information disclosure issue because its SAX parser is allowed to resolve external entities, so a crafted request can declare an entity that reads a file from the server and returns its contents (an XML external entity, or XXE, attack). Apache XML-RPC versions prior to 3.1.3 are affected.
    • Ref: http://www.securityfocus.com/bid/43637
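The mechanism in 10.41.14 (a SAX parser that resolves external entities) can be shown end to end in a few lines. This is an added example written for this bulletin, not Apache XML-RPC code: it uses Python's expat-backed SAX reader, whose feature_external_ges flag plays the role of the parser setting the entry refers to, a constructed "secret" file standing in for something on the server, and a constructed XML-RPC methodCall body that declares a SYSTEM entity pointing at that file. The request, file contents and function names are all assumptions for the demonstration.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects every run of character data the parser reports."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(xml_bytes: bytes, allow_external_entities: bool) -> str:
    """Parse with the standard-library SAX reader. True reproduces the weak
    configuration (external general entities are fetched and inlined);
    False is the hardened one (the reference expands to nothing)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def xxe_demo() -> tuple:
    """Return (text seen by the weak parser, text seen by the hardened one)."""
    # Constructed stand-in for a sensitive file on the XML-RPC server host.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db-password=hunter2")
        secret_path = f.name
    try:
        # Constructed XML-RPC request: the DOCTYPE declares an external entity
        # whose system identifier is the secret file, then references it.
        request = (
            b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE methodCall [\n'
            b'  <!ENTITY leak SYSTEM "' + secret_path.encode() + b'">\n'
            b']>\n'
            b'<methodCall>\n'
            b'  <methodName>echo</methodName>\n'
            b'  <params><param><value><string>&leak;</string></value></param></params>\n'
            b'</methodCall>\n'
        )
        weak = parse_text(request, allow_external_entities=True)
        hardened = parse_text(request, allow_external_entities=False)
    finally:
        os.unlink(secret_path)
    return weak, hardened


if __name__ == "__main__":
    weak, hardened = xxe_demo()
    print("weak parser leaked the secret:", "hunter2" in weak)          # True
    print("hardened parser leaked the secret:", "hunter2" in hardened)  # False
```

An "echo"-style method that reflects a parameter back to the caller is all the attacker needs to read the file remotely; without reflection the entity still gets fetched, which is why disabling external entities at the parser (and, for Java parsers, disallowing DOCTYPE declarations altogether) is the fix rather than filtering responses. Set the flag explicitly: older Python releases defaulted feature_external_ges to True.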

    • 10.41.15 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Barracuda Networks Spam & Virus Firewall "view_help.cgi" Directory Traversal Issue
    • Description: Barracuda Networks Spam & Virus Firewall is an email security appliance. It is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "locale" parameter of the "cgi-mod/view_help.cgi" script, allowing an attacker to read files outside the intended help directory. Spam & Virus Firewall version 4.1.1.021 is affected.
    • Ref: http://www.securityfocus.com/bid/43520

    • 10.41.16 - CVE: Not Available
    • Platform: Cross Platform
    • Title: FreeRADIUS Multiple Denial of Service Vulnerabilities
    • Description: FreeRADIUS is a RADIUS server available for the Unix and Linux platforms. FreeRADIUS is exposed to multiple denial of service issues because it fails to properly handle requests queued in "main/event.c" for more than 30 seconds and "DHCP" requests in "lib/dhcp.c" with the "Relay Agent Information" option. FreeRADIUS version 2.1.9 is affected.
    • Ref: http://freeradius.org/press/index.html#2.1.10

    • 10.41.17 - CVE: CVE-2010-1623
    • Platform: Cross Platform
    • Title: Apache APR-util "apr_brigade_split_line" Denial of Service Issue
    • Description: Apache "APR-util" is a library of utility functions used by several applications, including the Apache HTTP server. "APR-util" is exposed to a denial of service issue. Specifically, the issue affects the "apr_brigade_split_line" function in the "apr_brigade.c" file. "APR-util" versions prior to 1.3.10 are affected.
    • Ref: http://www.securityfocus.com/bid/43673

    • 10.41.18 - CVE: CVE-2010-3315
    • Platform: Cross Platform
    • Title: Subversion Server "SVNPathAuthz" Restriction Security Bypass Issue
    • Description: Subversion server is an open-source version control application. The application is exposed to a security bypass issue that affects the "SVNPathAuthz" configuration directive of the "mod_dav_svn" module. Subversion server versions 1.5.0 through 1.5.7 and versions 1.6.0 through 1.6.12 are affected.
    • Ref: http://www.securityfocus.com/bid/43678

    • 10.41.19 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Oracle MySQL Prior to 5.1.51 Multiple Denial of Service Vulnerabilities
    • Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to multiple denial of service issues. An attacker can exploit these issues to crash the database, denying access to legitimate users. MySQL versions prior to 5.1.51 are affected.
    • Ref: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html

    • 10.41.20 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Oracle MySQL Privilege Escalation Issue
    • Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to a remote privilege escalation issue. MySQL versions prior to 5.1.50 are affected.
    • Ref: http://www.securityfocus.com/bid/43677

    • 10.41.21 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Research In Motion BlackBerry Device Software Cross-Domain Information Disclosure Issue
    • Description: Research In Motion BlackBerry Device Software is the user interface application for BlackBerry mobile phones. The software includes common utilities and applications such as a web browser. Research In Motion BlackBerry Device Software is exposed to a cross-domain information disclosure issue because the application's web browser fails to properly enforce the same origin policy on iframe content.
    • Ref: http://www.securityfocus.com/bid/43685

    • 10.41.22 - CVE: CVE-2010-3706, CVE-2010-3707
    • Platform: Cross Platform
    • Title: Dovecot Access Control List Multiple Remote Vulnerabilities
    • Description: Dovecot is a mail server available for UNIX and Linux platforms. Dovecot is exposed to multiple remote issues. Successful exploits may allow attackers to mislead unsuspecting victims or gain elevated privileges on the affected application. Dovecot versions prior to 1.2.15 are affected.
    • Ref: http://www.dovecot.org/list/dovecot/2010-October/053452.html

    • 10.41.23 - CVE: CVE-2010-0215
    • Platform: Cross Platform
    • Title: activeCollab Security Bypass
    • Description: activeCollab is a project management and collaboration tool. The application is exposed to a security bypass issue that allows an authenticated attacker to subscribe, edit, or delete content of projects without proper authorization by using specially crafted URIs. activeCollab version 2.3.1 is affected.
    • Ref: http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2

    • 10.41.24 - CVE: Not Available
    • Platform: Cross Platform
    • Title: SmarterMail Multiple HTML Injection Issues
    • Description: SmarterMail is an ASP-based mail server application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. SmarterTools SmarterMail version 7.2.3925 is affected.
    • Ref: http://www.securityfocus.com/bid/43698

    • 10.41.25 - CVE: CVE-2010-3311
    • Platform: Cross Platform
    • Title: FreeType Rendering Engine Position Value Heap Buffer Overflow Issue
    • Description: FreeType is an open-source font-handling library. FreeType is exposed to a heap-based buffer overflow issue. This issue occurs because the application's rendering engine fails to validate certain position values when processing input streams.
    • Ref: http://www.securityfocus.com/bid/43700

    • 10.41.26 - CVE: CVE-2009-2544
    • Platform: Cross Platform
    • Title: Marcelo Costa FileServer Directory Traversal Issue
    • Description: Marcelo Costa FileServer is a file sharing script for Windows Live Messenger. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input passed to the "!cd" command. Marcelo Costa FileServer version 1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43688

    • 10.41.27 - CVE: CVE-2010-3433
    • Platform: Cross Platform
    • Title: PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation
    • Description: PostgreSQL is an open-source database application for Windows, UNIX and Linux. PostgreSQL is exposed to a local privilege escalation issue in the PL/Perl and PL/Tcl procedural languages. Specifically, a user permitted to create functions in those languages can modify the behavior of functions later executed by other users, running arbitrary commands with the privileges of the victim. PostgreSQL versions prior to 9.0.1 are affected.
    • Ref: http://www.postgresql.org/support/security

    • 10.41.28 - CVE: CVE-2009-2368
    • Platform: Cross Platform
    • Title: Socks Server 5 Unspecified Security Issue
    • Description: Socks Server 5 is a server that implements the SOCKS v4 and v5 protocols. The application is exposed to a remote security issue caused by an unspecified error. Socks Server 5 versions prior to 3.7.8-8 are affected.
    • Ref: http://www.securityfocus.com/bid/43752

    • 10.41.29 - CVE: CVE-2010-1322
    • Platform: Cross Platform
    • Title: MIT Kerberos KDC "kdc_authdata.c" NULL Pointer Denial of Service
    • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote denial of service issue caused by a NULL pointer dereference error. MIT Kerberos 5 versions 1.8 through 1.8.3 are affected.
    • Ref: http://www.securityfocus.com/archive/1/514144

    • 10.41.30 - CVE: CVE-2010-2883, CVE-2010-2884, CVE-2010-2887, CVE-2010-2888, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3623, CVE-2010-3624, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630
    • Platform: Cross Platform
    • Title: Adobe Reader and Acrobat Security updates
    • Description: Adobe Reader and Acrobat are applications for handling PDF files. Both are exposed to multiple security issues. Adobe Reader and Acrobat versions 9.3.4 and earlier, and 8.2.4 and earlier, are affected.
    • Ref: http://www.adobe.com/support/security/bulletins/apsb10-21.html

    • 10.41.31 - CVE: CVE-2010-3303
    • Platform: Web Application - Cross Site Scripting
    • Title: Mantis Multiple Cross-Site Scripting Issues
    • Description: Mantis is a web-based bug tracker. The application is exposed to multiple cross-site scripting issues. Mantis versions prior to 1.2.3 are affected.
    • Ref: http://www.securityfocus.com/bid/43604

    • 10.41.32 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Drupal Memcache Security Bypass and Cross-Site Scripting Issues
    • Description: Memcache is a Drupal module that provides an alternative cache backend, using the memcached daemon, to speed up high-traffic sites. The module is exposed to a security bypass issue and a cross-site scripting issue. Memcache for Drupal 6.x versions prior to 6.x-1.6 and Memcache for Drupal 5.x versions prior to 5.x-1.10 are affected.
    • Ref: http://www.securityfocus.com/bid/43606

    • 10.41.33 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: SurgeMail SurgeWeb Cross-Site Scripting Issue
    • Description: SurgeMail is a mail server. SurgeMail is exposed to a cross-site scripting issue that affects the SurgeWeb web interface because it fails to sufficiently sanitize user-supplied input to the "username_ex" parameter. SurgeMail version 4.3e is affected.
    • Ref: http://www.securityfocus.com/bid/43679

    • 10.41.34 - CVE: CVE-2009-2441
    • Platform: Web Application - Cross Site Scripting
    • Title: Online Guestbook Pro "ogp_show.php" Cross-Site Scripting Issue
    • Description: Online Guestbook Pro is a PHP-based guestbook application. Online Guestbook Pro is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "entry" parameter of the "ogp_show.php" script. Online Guestbook Pro version 5.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43689

    • 10.41.35 - CVE: CVE-2009-2437
    • Platform: Web Application - Cross Site Scripting
    • Title: Rentventory "index.php" Multiple Cross-Site Scripting Issues
    • Description: Rentventory is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user supplied data, specifically to the "login" and "password" fields of the "index.php" script. Rentventory version 1.0.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43692

    • 10.41.36 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: StatsCode Multiple Cross-Site Scripting Vulnerabilities
    • Description: StatsCode is a website statistics application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "Login" and "Password" fields of the "index.php" script.
    • Ref: http://www.securityfocus.com/bid/43693

    • 10.41.37 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: JNM Solutions DB Top Sites "vote.php" Cross-Site Scripting
    • Description: JNM Solutions DB Top Sites is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "u" parameter of the "vote.php" script. JNM Solutions DB Top Sites version 1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43699

    • 10.41.38 - CVE: CVE-2009-2442
    • Platform: Web Application - Cross Site Scripting
    • Title: Linea21 "search" Parameter Cross-Site Scripting Issue
    • Description: Linea21 is a PHP-based content management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "index.php" script. Linea21 version 1.2.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43711

    • 10.41.39 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: SquirrelMail Virtual Keyboard Plugin "vkeyboard.php" Cross-Site Scripting Issue
    • Description: Virtual Keyboard is a plugin for the SquirrelMail webmail application. Virtual Keyboard is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "passformname" parameter of the "vkeyboard.php" script. Virtual Keyboard 0.9.1 and prior are affected.
    • Ref: http://www.securityfocus.com/bid/43749

    • 10.41.40 - CVE: CVE-2009-3543
    • Platform: Web Application - SQL Injection
    • Title: Phenotype CMS "login.php" SQL Injection Issue
    • Description: Phenotype CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user supplied data to the "user" parameter of the "_phenotype/admin/login.php" script. Phenotype CMS version 2.8 is affected.
    • Ref: http://www.securityfocus.com/bid/43620

    • 10.41.41 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Zen Cart Multiple Input Validation Issues
    • Description: Zen Cart is a PHP-based e-commerce application. The application is exposed to multiple security issues. Zen Cart version 1.3.9f is affected.
    • Ref: http://www.securityfocus.com/bid/43628

    • 10.41.42 - CVE: CVE-2009-3528
    • Platform: Web Application - SQL Injection
    • Title: MyMsg "Profile.php" SQL Injection Issue
    • Description: MyMsg is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user supplied data to the "uid" parameter of the "Profile.php" script. MyMsg version 1.0.3 is affected.
    • Ref: http://www.securityfocus.com/bid/43618

    • 10.41.43 - CVE: CVE-2009-3713
    • Platform: Web Application - SQL Injection
    • Title: Morcego CMS "fichero.php" SQL Injection Issue
    • Description: Morcego CMS is a content management system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user supplied data to an unspecified parameter of the "fichero.php" script before using it in an SQL query. Morcego CMS version 1.7.6 is affected.
    • Ref: http://www.securityfocus.com/bid/43638

    • 10.41.44 - CVE: CVE-2009-2428
    • Platform: Web Application - SQL Injection
    • Title: Tausch Ticket Script Multiple SQL Injection Vulnerabilities
    • Description: Tausch Ticket Script is a PHP-based web application. Tausch Ticket Script is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. Tausch Ticket Script version 3 is affected.
    • Ref: http://www.securityfocus.com/bid/43710

    • 10.41.45 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: ITS SCADA Username SQL Injection
    • Description: ITS SCADA is a Supervisory Control And Data Acquisition (SCADA) system that allows users to interface with Motorola MOSCAD devices and products developed by Wonderware. The application is exposed to an SQL injection issue because it fails to properly sanitize input to the "Username" field of the login page.
    • Ref: http://www.securityfocus.com/archive/1/514119

    • 10.41.46 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: FAQMasterFlex "faq.php" SQL Injection
    • Description: FAQMasterFlex is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "faq.php" script before using it in an SQL query. FAQMasterFlex version 1.2 is affected.
    • Ref: http://www.securityfocus.com/bid/43691

    • 10.41.47 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: almnzm "customer" Parameter SQL Injection
    • Description: almnzm is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "customer" parameter of the "index.php" script before using it in an SQL query. almnzm version 2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43745

    • 10.41.48 - CVE: CVE-2009-2366
    • Platform: Web Application - SQL Injection
    • Title: ForumPal "login.asp" SQL Injection Issue
    • Description: ForumPal is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the password field of the "login.asp" script before using it in an SQL query. ForumPal version 1.5 is affected.
    • Ref: http://www.securityfocus.com/bid/43742
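The login-form entries in this section (Phenotype CMS "login.php", ITS SCADA "Username", ForumPal "login.asp") all describe the same pattern: a username or password concatenated into the SQL text of the authentication query. The following is an added example written for this bulletin, not code from any of those products: a vulnerable check built by string formatting beside a parameterized one, run against a constructed in-memory SQLite table so the two can be compared with the usual bypass payloads. The table, account and payloads are assumptions for the demonstration; the technique is the same on MySQL, MSSQL or Access.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample data: one admin account in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn


def login_vulnerable(conn, user: str, password: str) -> bool:
    """The pattern behind the login-form entries: untrusted input is pasted
    into the SQL text, so a quote and a comment marker in the username
    rewrite the query and the password check never runs."""
    sql = ("SELECT COUNT(*) FROM users WHERE user = '%s' AND password = '%s'"
           % (user, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, user: str, password: str) -> bool:
    """Parameterized statement: the driver sends the values separately from
    the SQL text, so the same payload is compared as a literal username."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE user = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] > 0


# Classic payloads: the first closes the quoted username and comments out
# the password clause, the second turns the WHERE clause into a tautology.
PAYLOADS = ["admin' -- ", "' OR 1=1 -- "]


def compare(conn) -> dict:
    """Map each payload to (vulnerable result, safe result), always with a
    wrong password, so True from the vulnerable path means a bypass."""
    return {p: (login_vulnerable(conn, p, "wrong"), login_safe(conn, p, "wrong"))
            for p in PAYLOADS}


if __name__ == "__main__":
    db = make_demo_db()
    for payload, (vuln, safe) in compare(db).items():
        print(repr(payload), "vulnerable:", vuln, "parameterized:", safe)
```

When testing a login form for this class, a lone single quote in the username is the quickest probe: a database error (or a changed error page) on that input is the same condition the payloads above exploit.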

    • 10.41.49 - CVE: CVE-2009-2326
    • Platform: Web Application - SQL Injection
    • Title: KerviNet Forum Multiple SQL Injection Vulnerabilities
    • Description: KerviNet Forum is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. KerviNet Forum version 1.1 is affected.
    • Ref: http://www.securityfocus.com/bid/43748

    • 10.41.50 - CVE: Not Available
    • Platform: Web Application
    • Title: Drupal Imagemenu Module HTML Injection and Cross-Site Request Forgery Issues
    • Description: Imagemenu is a module to create and maintain image-based menus for the Drupal content management system. The module is exposed to multiple security issues: HTML injection and cross-site request forgery. Imagemenu versions prior to 5.x-1.2 and 6.x-1.3 are affected.
    • Ref: http://www.securityfocus.com/bid/43598

    • 10.41.51 - CVE: CVE-2009-3825
    • Platform: Web Application
    • Title: GenCMS Multiple Local File Include Issues
    • Description: GenCMS is a PHP-based content management system. The application is exposed to multiple local file include issues because it fails to properly sanitize user supplied input to the "p" parameter of the "show.php" script and the "Template" parameter of the "admin/pages/SiteNew.php" script. GenCMS version 2006 is affected.
    • Ref: http://www.securityfocus.com/bid/43614
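The Barracuda "locale" traversal (10.41.15) and the GenCMS "p" / "Template" local file includes above are one class of bug: a request parameter becomes part of a filesystem path without a containment check. The following is an added example written for this bulletin, not code from either product: a resolver that takes a base directory and a user-supplied value and returns the canonical path only if it stays inside the base, exercised against constructed inputs that mimic the traversal, percent-encoded, NUL-truncation and absolute-path variants. The base directory and the sample values are assumptions for the demonstration.

```python
import os
from urllib.parse import unquote


def resolve_under(base_dir: str, user_value: str):
    """Return the absolute path for a user-supplied relative path, or None if
    the value would escape base_dir. Percent-encoding is decoded once (a web
    server normally does this before the application sees the value); NUL
    bytes and absolute paths are rejected outright; containment is checked on
    the canonical path so '..' segments and symlinks are both accounted for."""
    decoded = unquote(user_value)
    if not decoded or "\x00" in decoded:
        return None
    if decoded.startswith(("/", "\\")) or os.path.isabs(decoded):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify(base_dir: str, values) -> dict:
    """Map each candidate value to True (would be served) or False (rejected)."""
    return {v: resolve_under(base_dir, v) is not None for v in values}


# Constructed inputs modelled on a 'locale' or 'p' style parameter.
SAMPLE_VALUES = [
    "en_US/help.html",
    "de/../en_US/help.html",          # stays inside after normalisation
    "../../../../etc/passwd",         # plain traversal
    "..%2F..%2F..%2Fetc%2Fpasswd",    # percent-encoded traversal
    "../../etc/passwd%00.html",       # NUL truncation trick against PHP-era includes
    "/etc/passwd",                    # absolute path
]

if __name__ == "__main__":
    for value, ok in classify("/srv/www/help", SAMPLE_VALUES).items():
        print("SERVE " if ok else "REJECT", value)
```

A string blacklist for ".." is the fix most of the affected products shipped first and it is easy to get wrong (double encoding, "....//", backslashes on Windows); comparing the resolved path against the resolved base is the check that survives those variants. Remote file inclusion, as in the Top Paidmailer entry below, needs a different control: never pass user input to include() at all, or restrict it to an allow-list of names mapped to files.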

    • 10.41.52 - CVE: CVE-2009-4750
    • Platform: Web Application
    • Title: Top Paidmailer "home.php" Remote File Include Issue
    • Description: Top Paidmailer is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "home.php" script.
    • Ref: http://www.securityfocus.com/bid/43626

    • 10.41.53 - CVE: Not Available
    • Platform: Web Application
    • Title: TradeMC E-Ticaret Cross-Site Scripting and SQL Injection Issues
    • Description: TradeMC E-Ticaret is an ASP-based e-commerce application. The application is exposed to multiple security issues, including cross-site scripting and SQL injection.
    • Ref: http://www.securityfocus.com/bid/43670

    • 10.41.54 - CVE: Not Available
    • Platform: Web Application
    • Title: Hastymail2 "htmLawed.php" HTML Injection
    • Description: Hastymail2 is a PHP-based IMAP/SMTP mail client. Hastymail2 is exposed to an HTML injection issue. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Hastymail2 versions prior to 1.01 are affected.
    • Ref: http://www.hastymail.org/security/

    • 10.41.55 - CVE: Not Available
    • Platform: Web Application
    • Title: Rapidsendit Clone Script "admin.php" Insecure Cookie Authentication Bypass
    • Description: Rapidsendit Clone Script is a file hosting script. Rapidsendit Clone Script is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Rapidsendit Clone Script versions 2.1 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/43702

    • 10.41.56 - CVE: CVE-2009-2424,CVE-2009-2423
    • Platform: Web Application
    • Title: Ebay Clone Cross-Site Scripting and SQL Injection Vulnerabilities
    • Description: Ebay Clone is a PHP-based web application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Ebay Clone 2009 is affected.
    • Ref: http://www.securityfocus.com/bid/43720

    • 10.41.57 - CVE: Not Available
    • Platform: Web Application
    • Title: Uebimiau Webmail "stage" Parameter Local File Include
    • Description: Uebimiau Webmail is a web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "stage" parameter in the "/webmail/admin/install/index.php" script. Uebimiau Webmail version 3.2.0-2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/43713

    • 10.41.58 - CVE: Not Available
    • Platform: Web Application
    • Title: CAG's Simple CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
    • Description: CAG's Simple Content Management System is a PHP-based content management application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. CAG's Simple Content Management System version 0.2 Beta is affected.
    • Ref: http://www.securityfocus.com/bid/43719

    • 10.41.59 - CVE: Not Available
    • Platform: Network Device
    • Title: Intellicom Netbiter webSCADA Products "read.cgi" Multiple Remote Security Vulnerabilities
    • Description: Intellicom Netbiter webSCADA products are web gateways for industrial serial devices. The products are exposed to multiple issues. A directory traversal issue affects the "page" parameter of the "cgi-bin/read.cgi" script because the application fails to properly sanitize user-supplied input. An information disclosure issue affects the "file" parameter of the "cgi-bin/read.cgi" script. An arbitrary file upload issue affects the "cgi-bin/read.cgi" script. Netbiter webSCADA WS100 and Netbiter webSCADA WS200 are affected.
    • Ref: http://www.securityfocus.com/archive/1/514104

    • 10.41.60 - CVE: Not Available
    • Platform: Network Device
    • Title: Symbian S60 "euser.dll" Memory Corruption Issue
    • Description: Symbian S60 is an operating system for mobile phones. Symbian S60 is exposed to a memory corruption issue when handling specially crafted input. The "euser.dll" dynamic link library is affected. The following devices running Symbian S60 9.3 3rd Edition are affected: Nokia N96, Nokia E61i and Nokia E71.
    • Ref: http://www.securityfocus.com/bid/43761

    (c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/