
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 43
October 21, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  11
    Linux                                     4
    Cross Platform                            26 (#1, #2, #3, #4, #5)
    Web Application - Cross Site Scripting    8
    Web Application - SQL Injection           3
    Web Application                           4
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

Widely Deployed Software
  • (1) HIGH: Adobe Shockwave Player
  • Affected:
    • Adobe Shockwave Player 11.5.8.612 and earlier for Macintosh and Windows
  • Description: Adobe Shockwave Player is susceptible to an unspecified 0-day vulnerability that could allow an attacker to execute arbitrary code on a target's machine. An attacker must entice the user to view a malicious site in order to exploit this vulnerability. Adobe Shockwave Player is widely installed and is used to view streaming videos like YouTube over HTTP. An exploit has reportedly been published for this vulnerability.

  • Status: vendor confirmed, updates not available

  • References:

  • (4) MEDIUM: Google Chrome Security Update
  • Affected:
    • Google Chrome prior to 7.0.517.43
  • Description: Google has recently released updates for its web browser, Google Chrome. Google lists multiple vulnerabilities that appear to be vectors for code execution. In particular, an unspecified memory corruption issue exists within Google's handling of animated GIFs. Google Chrome automatically installs updates when it has access to Google's servers.

  • Status: vendor confirmed, updates available

  • References:

  • (5) MEDIUM: VLC Multimedia Firefox Plug-in File Memory Corruption
  • Affected:
    • VLC media player 1.1.4 and possibly others
  • Description: VideoLAN VLC Media Player, a popular cross-platform media player, is susceptible to a memory corruption vulnerability that could lead to the execution of arbitrary code on a target's machine. If VLC is installed as a plug-in for Firefox, an attacker can exploit this vulnerability in order to execute arbitrary code with the permissions of the currently logged-in user. The attacker must entice the victim to view a malicious site.

  • Status: vendor not confirmed, updates not available

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10350 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.43.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nuance PDF Reader "pdfcore8.dll" Remote Stack Buffer Overflow
  • Description: Nuance PDF Reader is a PDF document handling application for Microsoft Windows. Nuance PDF Reader is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Nuance PDF Reader versions prior to 6.0 (Product ID: PD-1031-001-10472.1) are affected.
  • Ref: http://www.securityfocus.com/bid/44059

  • 10.43.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Gekko Manager FTP Client "LIST" Command Remote Buffer Overflow
  • Description: Gekko Manager is a file manager and FTP client available for Windows. The FTP client component of the application is exposed to a stack-based buffer overflow issue because it fails to properly validate the filenames sent as a response to the "LIST" command in FTP connections before copying it into an insufficiently sized buffer. Gekko Manager version 0.77 is affected.
  • Ref: http://www.securityfocus.com/bid/44097

  • 10.43.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Torrent DVD Creator "quserex.dll" DLL Loading Arbitrary Code Execution
  • Description: Torrent DVD Creator is a DVD creator and burner. Torrent DVD Creator is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "quserex.dll" Dynamic Link Library file in the current working directory.
  • Ref: http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx

  • 10.43.4 - CVE: CVE-2010-3157
  • Platform: Third Party Windows Apps
  • Title: XacRett "explorer.exe" Executable Loading Arbitrary Code Execution
  • Description: XacRett is an archive extractor. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "explorer.exe" executable file in the current working directory. XacRett version 49 is affected.
  • Ref: http://www.securityfocus.com/bid/44125/references

  • 10.43.5 - CVE: CVE-2009-4840
  • Platform: Third Party Windows Apps
  • Title: Roxio CinePlayer "IAManager.dll" ActiveX Control Remote Heap Buffer Overflow
  • Description: Roxio CinePlayer is a media player available for Microsoft Windows. Roxio CinePlayer is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input to the "SetIAPlayerName()" method before copying it to an insufficiently sized buffer. Roxio CinePlayer version 3.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.43.6 - CVE: CVE-2009-4531
  • Platform: Third Party Windows Apps
  • Title: httpdx dot Character Remote File Disclosure
  • Description: The "httpdx" application is an HTTP server available for Microsoft Windows. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input. httpdx versions prior to 1.4.6b are affected.
  • Ref: http://www.securityfocus.com/bid/44141

  • 10.43.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DJ Legend ".pls" File Remote Buffer Overflow
  • Description: DJ Legend is a multimedia application for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. DJ Legend version 6.01 is affected.
  • Ref: http://www.securityfocus.com/bid/44147

  • 10.43.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sahar Money Manager "unicows.dll" DLL Loading Arbitrary Code Execution
  • Description: Sahar Money Manager is a personal finance application. Sahar Money Manager is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "unicows.dll" Dynamic Link Library file in the current working directory. Sahar Money Manager version 1.0.1.232 is affected.
  • Ref: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

  • 10.43.9 - CVE: CVE-2009-3969
  • Platform: Third Party Windows Apps
  • Title: Faslo Player ".m3u" File Stack Buffer Overflow
  • Description: Faslo Player is a multimedia player for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".m3u" file. Faslo Player version 7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44183

  • 10.43.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Free 3GP Video Converter "quserex.dll" DLL Loading Arbitrary Code Execution
  • Description: Free 3GP Video Converter is video and audio conversion software. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the Free 3GP Video Converter application comes with a vulnerable version of the "avcodec-52.dll" library, which searches for the "quserex.dll" Dynamic Link Library file in the current working directory. Free 3GP Video Converter version 3.7.15 is affected.
  • Ref: http://blog.rapid7.com/?p=5325

  • 10.43.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ALPHA Player ".bmp" File Buffer Overflow
  • Description: ALPHA Player is multimedia software for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".bmp" file. ALPHA Player version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/44196

  • 10.43.12 - CVE: CVE-2010-2962
  • Platform: Linux
  • Title: Linux Kernel 915 GEM IOCTL Local Memory Overwrite
  • Description: The Linux Kernel is exposed to a local security issue that may allow attackers to overwrite arbitrary portions of memory. This issue affects the "i915_gem_pread_ioctl()" and "i915_gem_pwrite_ioctl()" functions.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=637688

  • 10.43.13 - CVE: CVE-2009-5006, CVE-2009-5005
  • Platform: Linux
  • Title: Red Hat Enterprise MRG Messaging Multiple Denial of Service Vulnerabilities
  • Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a realtime IT infrastructure for enterprise computing. The application is exposed to multiple remote denial of service issues that occur due to improper handling of AMQP data by Apache Qpid and improper handling of a request to redeclare an existing exchange when adding a new alternate exchange by Apache Qpid. Red Hat Enterprise MRG v1 for Enterprise Linux AS (version 4); Red Hat Enterprise MRG v1 for Enterprise Linux ES (version 4) and Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5) are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2010-0773.html

  • 10.43.14 - CVE: CVE-2010-3442
  • Platform: Linux
  • Title: Linux Kernel ALSA "sound/core/control.c" Local Integer Overflow
  • Description: The Linux kernel Advanced Linux Sound Architecture is exposed to a local heap-based integer overflow issue because it fails to properly validate user-supplied input.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=638478

  • 10.43.15 - CVE: CVE-2010-3904
  • Platform: Linux
  • Title: Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Privilege Escalation Issue
  • Description: The Linux kernel is exposed to a local privilege escalation issue. This issue occurs because the Reliable Datagram Sockets protocol implementation fails to properly validate a user space address in memory before it is used by the kernel. Linux kernel versions 2.6.30 through 2.6.36-rc8 are affected.
  • Ref: http://www.securityfocus.com/bid/44219

  • 10.43.16 - CVE: CVE-2010-3842
  • Platform: Cross Platform
  • Title: curl "Content-Disposition" HTTP Header Arbitrary File Overwrite
  • Description: curl is a utility for retrieving remote content from servers over a number of protocols. curl is exposed to an issue that allows attackers to overwrite arbitrary files. Specifically, the issue occurs because it does not properly strip backslash characters that separate directory names and file names provided in the "Content-Disposition" HTTP header when downloading files from an HTTP server. curl versions 7.20.0 through 7.21.1 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3653

  • 10.43.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Accela BizSearch Unspecified Phishing Issue
  • Description: Fujitsu Accela BizSearch is prone to an issue that can aid in phishing attacks. The following products are affected: eAccela BizSearch 1.0, eAccela BizSearch 2.0, eAccela BizSearch 2.1, Accela BizSearch 3.0, Accela BizSearch 3.1, IntelligentSearch for WindowsNT 2.0L10 and IntelligentSearch for WindowsNT 2.0L20.
  • Ref: http://www.securityfocus.com/bid/44101

  • 10.43.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iOS for iPhone/iPad/iPod touch Local Privilege Escalation
  • Description: Apple iOS is an operating platform for iPhone, iPod touch, and iPad. The iPhone is a mobile phone that runs on the ARM architecture. The iPod touch is a portable music player. The iPad is a tablet device. iOS versions 4.1 and prior are affected.
  • Ref: http://mobiputing.com/2010/10/iphone-dev-team-releases-greenpois0n-jailbreak-tool-for-ios-4-1/

  • 10.43.19 - CVE: CVE-2010-3445
  • Platform: Cross Platform
  • Title: Wireshark ASN.1 BER Dissector Denial of Service Issue
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. Wireshark is exposed to a denial of service issue due to a stack overflow that occurs in the ASN.1 BER dissector when handling a series of malformed packets. Wireshark versions prior to and including 1.2.11 and 1.4.0 are affected.
  • Ref: http://www.securityfocus.com/bid/43923

  • 10.43.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Winamp 5.581 and Prior Multiple Buffer Overflow Vulnerabilities
  • Description: Nullsoft Winamp is a media player for Microsoft Windows. Winamp is exposed to multiple buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied input. Winamp versions 5.581 and earlier are affected.
  • Ref: http://aluigi.org/adv/winamp_1-adv.txt

  • 10.43.21 - CVE: CVE-2010-3579
  • Platform: Cross Platform
  • Title: Oracle Sun Convergence Webmail Remote Security Issue
  • Description: Oracle Sun Convergence is prone to a remote issue. The issue can be exploited over the "HTTP" protocol. The "Webmail" sub component is affected. This issue affects versions 1.0 and 7.0.
  • Ref: http://www.securityfocus.com/bid/43968

  • 10.43.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Odin Secure FTP Expert "LIST" Command Remote Stack Buffer Overflow
  • Description: Odin Secure FTP Expert is a file transfer program for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly validate data sent as response to the "LIST" command in FTP connections before copying it into an insufficiently sized buffer. Odin Secure FTP Expert version 4.1 is affected.
  • Ref: http://www.odinshare.com/secure-ftp-expert.html

  • 10.43.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ken FTP Remote Buffer Overflow
  • Description: Ken FTP is an FTP file transfer program for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Ken FTP version 5.0 is affected.
  • Ref: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/

  • 10.43.24 - CVE: CVE-2010-3902
  • Platform: Cross Platform
  • Title: OpenConnect "webvpn" Cookie Debugging Output Information Disclosure
  • Description: OpenConnect is a client for Cisco's AnyConnect SSL VPN. OpenConnect is exposed to an information disclosure issue because it fails to properly protect sensitive cookie data in debugging output. OpenConnect versions prior to 2.26 are affected.
  • Ref: http://www.securityfocus.com/bid/44111

  • 10.43.25 - CVE: CVE-2009-4769
  • Platform: Cross Platform
  • Title: httpdx "tolog" Function Multiple Remote Format String Vulnerabilities
  • Description: httpdx is an HTTP/FTP server for Microsoft Windows. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input to the "tolog()" function. httpdx versions 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 are affected.
  • Ref: http://www.securityfocus.com/bid/44119

  • 10.43.26 - CVE: CVE-2009-5007
  • Platform: Cross Platform
  • Title: OpenConnect Insecure Temporary File Creation
  • Description: OpenConnect is a client for Cisco's AnyConnect SSL VPN. OpenConnect is exposed to a security issue because it creates temporary files in an insecure manner.
  • Ref: http://www.securityfocus.com/bid/44108

  • 10.43.27 - CVE: CVE-2010-3847
  • Platform: Cross Platform
  • Title: GNU glibc Dynamic Linker "$ORIGIN" Local Privilege Escalation
  • Description: GNU glibc is an implementation of the GNU C library. GNU glibc is exposed to a local privilege escalation issue that arises because the dynamic linker expands the "$ORIGIN" variable in the library search path of setuid applications.
  • Ref: http://seclists.org/fulldisclosure/2010/Oct/257

  • 10.43.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM solidDB Multiple Denial of Service Vulnerabilities
  • Description: IBM solidDB is a relational SQL database. solidDB is exposed to multiple issues. A denial of service issue when handling certain fields within a packet will cause the application to fall into a recursive loop and crash the "soliddb.exe" process. A NULL pointer dereference condition occurs when handling the "solid.exe" process. A denial of service occurs when processing certain fields. solidDB version 6.5.0.3 is affected.
  • Ref: http://aluigi.altervista.org/adv.htm

  • 10.43.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenConnect HTTP Status Code Remote Denial of Service Issue
  • Description: OpenConnect is a client for Cisco's AnyConnect SSL VPN. OpenConnect is exposed to a denial of service issue. OpenConnect versions prior to 2.23 are affected.
  • Ref: http://www.securityfocus.com/bid/44164

  • 10.43.30 - CVE: CVE-2010-2235
  • Platform: Cross Platform
  • Title: Cobbler Kickstart Template Remote Privilege Escalation Issue
  • Description: Cobbler is a network installation and update server. The application is exposed to a remote privilege escalation issue.
  • Ref: http://www.securityfocus.com/bid/44174

  • 10.43.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Issue
  • Description: IBM Rational Quality Manager and Test Lab Manager are application testing suites. IBM Rational Quality Manager and Test Lab Manager are exposed to a remote code execution issue. This issue affects the Tomcat server built into the affected applications. IBM Rational Quality Manager and Test Lab Manager versions prior to 7.9.0.3 build: 1046 are affected.
  • Ref: http://www.securityfocus.com/bid/44172

  • 10.43.32 - CVE: CVE-2010-3496
  • Platform: Cross Platform
  • Title: McAfee VirusScan "hcp://" Protocol Handler Security Bypass
  • Description: McAfee VirusScan is an enterprise antivirus application that offers protection against computer virus threats. McAfee VirusScan is exposed to a security bypass issue that may allow an attacker to bypass virus scans. McAfee VirusScan version 8.7i is affected.
  • Ref: http://www.securityfocus.com/archive/1/514356

  • 10.43.33 - CVE: CVE-2010-3498
  • Platform: Cross Platform
  • Title: AVG Antivirus "hcp://" Protocol Handler Security Bypass Issue
  • Description: AVG Antivirus is an enterprise antivirus application that offers protection against computer virus threats. AVG Antivirus is exposed to a security bypass issue that may allow an attacker to bypass virus scans.
  • Ref: http://www.securityfocus.com/bid/44189

  • 10.43.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server DBINFO keyword Remote Stack Buffer Overflow
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. IBM Informix Dynamic Server is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer. Specifically, the issue occurs when processing the keyword "DBINFO" in an SQL query.
  • Ref: http://www.securityfocus.com/bid/44190

  • 10.43.35 - CVE: CVE-2010-0634
  • Platform: Cross Platform
  • Title: Flex Code Generation Unspecified Security Issue
  • Description: Flex is a tool for generating lexical analyzers; it is written in the C programming language. Flex is exposed to an unspecified issue. Flex versions prior to 2.5.35 are affected.
  • Ref: http://www.securityfocus.com/bid/44181

  • 10.43.36 - CVE: CVE-2010-3497
  • Platform: Cross Platform
  • Title: Symantec Norton Antivirus 2011 "hcp://" Protocol Handler Security Bypass Issue
  • Description: Symantec Norton Antivirus 2011 is an application that offers protection against computer virus threats. Symantec Norton Antivirus 2011 is exposed to a security bypass issue that may allow an attacker to bypass virus scans. Specifically, the application loads a malicious file into memory through the "hcp://" protocol handler prior to comparing its signature against malware databases.
  • Ref: http://www.securityfocus.com/bid/44188

  • 10.43.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player Mozilla Multimedia Plug-in Remote Code Execution
  • Description: VLC is a cross-platform multimedia player and multimedia player framework. VLC media player is exposed to a remote code execution issue due to an error in the VLC Mozilla Multimedia Plugin. VLC media player version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/44211

  • 10.43.38 - CVE: CVE-2010-2251
  • Platform: Cross Platform
  • Title: LFTP "Content-Disposition" HTTP Header Arbitrary File Overwrite Issue
  • Description: LFTP is a file transfer program for a number of network protocols. LFTP is exposed to an issue that allows attackers to overwrite arbitrary files. LFTP versions prior to 4.0.6 are affected.
  • Ref: http://www.securityfocus.com/bid/43728

  • 10.43.39 - CVE: CVE-2010-2648, CVE-2010-2647
  • Platform: Cross Platform
  • Title: Google Chrome Bidi Algorithm Memory Corruption
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to a memory corruption issue because it fails to properly implement the Unicode Bidirectional Algorithm (Bidi Algorithm) and a remote denial of service issue when handling a specially crafted SVG document. Chrome versions prior to 5.0.375.99 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

  • 10.43.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Teiid LDAP Authentication Security Bypass Issue
  • Description: Teiid is a data virtualization system. Teiid is exposed to a security bypass issue because it does not properly verify user credentials when using the LDAP protocol for authentication. An attacker can exploit this issue by entering an empty password. Teiid version 6.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44224

  • 10.43.41 - CVE: CVE-2010-3183, CVE-2010-3182, CVE-2010-3181, CVE-2010-3180, CVE-2010-3179, CVE-2010-3178, CVE-2010-3177, CVE-2010-3176, CVE-2010-3175, CVE-2010-3174, CVE-2010-3173
  • Platform: Cross Platform
  • Title: Mozilla Firefox, Thunderbird and SeaMonkey Security Updates
  • Description: The Mozilla Foundation has released eight security advisories specifying issues in Mozilla Firefox, Thunderbird, and SeaMonkey. These issues are fixed in the following versions: Firefox 3.6.11, Firefox 3.5.14, Thunderbird 3.0.9, Thunderbird 3.1.5 and SeaMonkey 2.0.9.
  • Ref: http://www.mozilla.org/security/announce

  • 10.43.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TWiki Multiple Cross-Site Scripting Vulnerabilities
  • Description: TWiki is a web-based wiki application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "rev" parameter of the "bin/view" script and an unspecified parameter of the "bin/login" script. TWiki versions prior to 5.0.1 are affected.
  • Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841

  • 10.43.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Attachmate Reflection for the Web Cross-Site Scripting
  • Description: Reflection for the Web is a web-based terminal emulation application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to an unspecified parameter.
  • Ref: http://support.attachmate.com/techdocs/1704.html

  • 10.43.44 - CVE: CVE-2010-2886
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe RoboHelp Server and RoboHelp Cross-Site Scripting
  • Description: Adobe RoboHelp Server is an application for serving RoboHelp files using the IIS web server. Adobe RoboHelp is an application for generating online help systems. The applications are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-23.html

  • 10.43.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eXV2 CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: eXV2 CMS is a content management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "rssfeedURL" and "sumb" parameters of the following scripts: "archive.php"; "topics.php"; "example.php"; and "index.php". eXV2 CMS version 2.10 is affected.
  • Ref: http://www.securityfocus.com/bid/44169

  • 10.43.46 - CVE: CVE-2009-4856
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Easy Shopping Cart "subitems.php" Cross-Site Scripting Issue
  • Description: PHP Easy Shopping Cart is a shopping-cart application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter of the "subitems.php" script. PHP Easy Shopping Cart version 3.1R is affected.
  • Ref: http://www.securityfocus.com/bid/44142

  • 10.43.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PDshopPro "search.asp" Cross-Site Scripting Issue
  • Description: PDshopPro is an ASP-based web application. PDshopPro is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "shop/search.asp" script.
  • Ref: http://www.securityfocus.com/bid/44210

  • 10.43.48 - CVE: CVE-2010-2367
  • Platform: Web Application - Cross Site Scripting
  • Title: AD-EDIT2 Multiple Cross-Site Scripting Issues
  • Description: AD-EDIT2 is a content management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "q" parameter of the "commons/search.cgi" script and "admin/search.cgi" script. AD-EDIT2 version 3.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/43718

  • 10.43.49 - CVE: CVE-2009-2114
  • Platform: Web Application - Cross Site Scripting
  • Title: SkyBlueCanvas "admin.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: SkyBlueCanvas is a PHP-based content management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. SkyBlueCanvas version 1.1 r237 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504302

  • 10.43.50 - CVE: CVE-2009-2152,CVE-2009-2151
  • Platform: Web Application - SQL Injection
  • Title: AdaptWeb Local File Include and SQL Injection Vulnerabilities
  • Description: AdaptWeb is a PHP-based web application. The application is exposed to multiple input validation issues. 1) A local file include issue that affects the "newlang" parameter of the "index.php" script. 2) An SQL injection issue that affects the "CodigoDisciplina" parameter of the "a_index.php" script. AdaptWeb version 0.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/44139/references

  • 10.43.51 - CVE: CVE-2009-3082
  • Platform: Web Application - SQL Injection
  • Title: Silurus System "wcategory.php" SQL Injection Issue
  • Description: Silurus System is a PHP-based classifieds script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "wcategory.php" script before using it in an SQL query. Silurus System version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44221

  • 10.43.52 - CVE: CVE-2009-3117
  • Platform: Web Application - SQL Injection
  • Title: Silurus System "category.php" SQL Injection Issue
  • Description: Silurus System is a PHP-based classifieds script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "category.php" script before using it in an SQL query. Silurus System version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44222

  • 10.43.53 - CVE: CVE-2009-4816
  • Platform: Web Application
  • Title: The Uploader "download_checker.php" Directory Traversal
  • Description: The Uploader is a PHP-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "filename" parameter of the "api/download_checker.php" script. The Uploader version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44121

  • 10.43.54 - CVE: Not Available
  • Platform: Web Application
  • Title: KCFinder Project Arbitrary File Upload
  • Description: KCFinder web file manager is a PHP-based application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading files to the web server through the "browse.php" script. KCFinder web file manager version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/44127

  • 10.43.55 - CVE: CVE-2009-2148
  • Platform: Web Application
  • Title: Campus Virtual-LMS Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Campus Virtual-LMS is a PHP-based learning management system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/44133

  • 10.43.56 - CVE: CVE-2009-4546
  • Platform: Web Application
  • Title: Logoshows BBS Administrator Cookie Authentication Bypass
  • Description: Logoshows BBS is a web-based bulletin board system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Logoshows BBS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/44145

  • 10.43.57 - CVE: Not Available
  • Platform: Network Device
  • Title: NETGEAR CG3100D Remote Security Bypass and Privilege Escalation Vulnerabilities
  • Description: The NETGEAR 3100D Residential Gateway is a wireless router. The NETGEAR 3100D Residential Gateway is exposed to the following remote issues. 1) A security bypass issue because the application allows users to bypass the authentication mechanism by using a blank password. 2) A privilege escalation issue because the application does not control access to certain files. NETGEAR CG3100D firmware version 5.5.2 is affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Oct/197


(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/