
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 50
December 9, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  10 (#2)
    Linux                                      1
    HP-UX                                      1
    Cross Platform                            25 (#1)
    Web Application - Cross Site Scripting     5
    Web Application - SQL Injection            4
    Web Application                            4

*************************************************************************
TRAINING UPDATE

New "Combating Malware in the Enterprise" course at SANS (SEC569). How do you fight off malware when you have thousands of hosts? Learn the answers in Washington DC in December or in Orlando in March: http://www.sans.org/security-training/combating-malware-enterprise-1482-mid

-- SANS Cyber Defense Initiative 2010, Washington DC, December 10-17, 2010
24 courses. Bonus evening presentations include Browser Based Defenses; Continuous Vulnerability Testing and Remediation: the 20 Critical Security Controls Perspective; and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Efforts
http://www.sans.org/cyber-defense-initiative-2010/

-- SANS Security East 2011, New Orleans, LA, January 20-27, 2011
12 courses. Bonus evening presentations and special events include Happy Little Clouds: Governing, Assessing and Auditing Cloud Environments; and Future Trends in Network Security
http://www.sans.org/security-east-2011/

-- North American SCADA 2011, Lake Buena Vista, FL, February 23-March 2, 2011
http://www.sans.org/north-american-scada-2011/

-- SANS 2011, Orlando, FL, March 27-April 4, 2011
39 courses. Bonus evening presentations and special events include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat; and Law and the Public's Perception of Data Security
http://www.sans.org/sans-2011/

-- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Atlanta, San Francisco, Bangalore and Phoenix all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
****************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Third Party Windows Apps
    Linux
    HP-UX
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application

    *************************** Sponsored Link: ********************************

    1) Don't miss the LIVE Simulcast Core Security Lunch & Learn, direct from SANS Cyber Defense Initiative. http://www.sans.org/info/67798 ****************************************************************************

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    Widely Deployed Software
    • (1) HIGH: Google Chrome Multiple Security Vulnerabilities
    • Affected:
      • Google Chrome prior to 8.0.552.215
    • Description: Google has released patches for multiple vulnerabilities in its Chrome browser. The vulnerabilities include a use-after-free error in the code responsible for handling history, a use-after-free error in the code responsible for handling SVG animations, and a double free error in the code for handling XPath. Some of these vulnerabilities could potentially lead to remote code execution, but all would require an attacker to entice a target to view a malicious page.

    • Status: vendor confirmed, updates available

    • References:
    • (2) HIGH: Winamp MIDI Timestamp Parsing Buffer Overflow Vulnerability
    • Affected:
      • Nullsoft Winamp prior to 5.601
    • Description: Nullsoft has released an update addressing a vulnerability in its popular Winamp multimedia player. The vulnerability is due to a lack of boundary checks on the timestamp field of a MIDI (Musical Instrument Digital Interface) file within the "in_midi.dll" plugin. By enticing the user to open a malicious MIDI file, an attacker can exploit this vulnerability in order to execute arbitrary code on the target's machine.

    • Status: vendor confirmed, updates available

    • References:
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 50, 2010

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10634 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 10.50.1 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: J-Integra "SetIdentity()" Method ActiveX Control Buffer Overflow
    • Description: J-Integra is an application that allows users to interface between Microsoft and Java applications. J-Integra is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. J-Integra version 2.11 is affected.
    • Ref: http://www.securityfocus.com/bid/45142

    • 10.50.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Image Viewer CP Pro/Gold ActiveX Control "Image2PDF()" Method Stack Buffer Overflow
    • Description: Image Viewer CP Pro SDK and Image Viewer CP Gold SDK are ActiveX image viewer components. Both are exposed to a stack-based buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data passed to the "Image2PDF()" method. Image Viewer CP Pro SDK ActiveX 8.0 and Image Viewer CP Gold SDK ActiveX 6.0 are affected.
    • Ref: http://www.securityfocus.com/bid/45155

    • 10.50.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Kindle for PC Arbitrary Code Execution
    • Description: Kindle for PC is a free application for reading Kindle books. Kindle for PC is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "wintab32.dll" Dynamic Link Library file in the current working directory. Kindle for PC version 1.3.0 Build 30884 is affected.
    • Ref: http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

    • 10.50.4 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: VideoCharge Studio ".vsc" File Remote Buffer Overflow
    • Description: VideoCharge Studio is a video editing application available for Microsoft Windows. VideoCharge Studio is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. VideoCharge Studio versions 2.9.5.643 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45183

    • 10.50.5 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Adobe Device Central DLL Loading Arbitrary Code Execution Vulnerabilities
    • Description: Adobe Device Central is an application that allows users to preview media content on device profiles. Adobe Device Central is exposed to multiple issues that let attackers execute arbitrary code. The issues arise because the application searches for the "libfs32.dll" and "amt_cdb.dll" Dynamic Link Library files in the current working directory. Successful exploits will compromise the application in the context of the currently logged-in user.
    • Ref: http://www.coresecurity.com/content/adobe-device-central-cs4-ibfs32-dll-hijacking-exploit-10-5

    • 10.50.6 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: WebEx Meeting Manager WebexUCFObject ActiveX DLL Loading Arbitrary Code Execution
    • Description: WebEx is file sharing and conferencing software for Microsoft Windows. WebEx Meeting Manager WebexUCFObject ActiveX control "atucfobj.dll" is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "wbxtrace.dll" Dynamic Link Library file in the current working directory. WebEx Meeting Manager WebexUCFObject ActiveX Control "atucfobj.dll" version 20.2009.2706.1025 is affected.
    • Ref: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

    • 10.50.7 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Altova Diffdog 2011 "dwmapi.dll" DLL Loading Arbitrary Code Execution
    • Description: Altova Diffdog 2011 is a file comparison and merging application. Altova Diffdog 2011 is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "dwmapi.dll" Dynamic Link Library file in the current working directory. The issue can be exploited by placing both a specially crafted library file and a file that is associated with the vulnerable application in an attacker-controlled location.
    • Ref: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

    • 10.50.8 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Intel Threading Building Blocks "tbbmalloc.dll" DLL Loading Arbitrary Code Execution
    • Description: Intel Threading Building Blocks is a C++ template library for creating threaded applications. Intel Threading Building Blocks is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the "tbb.dll" library searches for the "tbbmalloc.dll" Dynamic Link Library file in the current working directory.
    • Ref: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

    • 10.50.9 - CVE: CVE-2010-2793
    • Platform: Third Party Windows Apps
    • Title: Red Hat SPICE Plugin for Microsoft Internet Explorer Race Condition
    • Description: qspice client is a remote desktop application for Linux based systems. Red Hat SPICE is exposed to a race condition issue that occurs when the Plugin for Internet Explorer and the SPICE client are communicating.
    • Ref: http://www.securityfocus.com/bid/45213

    • 10.50.10 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Winamp "in_midi" Plugin Unspecified Vulnerability
    • Description: NullSoft Winamp is a media player application. The application is exposed to an unspecified security issue that affects the "in_midi" plugin. Winamp versions prior to 5.601 are affected.
    • Ref: http://www.kryptoslogic.com/advisories/2010/kryptoslogic-winamp-midi.txt

    • 10.50.11 - CVE: CVE-2010-4256
    • Platform: Linux
    • Title: Linux Kernel "pipe_fcntl()" Local Denial of Service
    • Description: The Linux kernel is exposed to a local denial of service issue because it fails to check the file type before operating on it. The problem occurs in the "pipe_fcntl()" function of the "fs/pipe.c" source file and is triggered when the function operates on a file which is not a pipe. Linux kernel version 2.6.35-rc1 is affected.
    • Ref: http://comments.gmane.org/gmane.comp.security.oss.general/3863


    • 10.50.13 - CVE: CVE-2010-3860
    • Platform: Cross Platform
    • Title: OpenJDK "IcedTea" plugin Unspecified Information Disclosure
    • Description: OpenJDK (Open Java Development Kit) is an open source implementation of the Java programming language for multiple operating systems. The OpenJDK "IcedTea" plugin is exposed to a remote unspecified information disclosure issue. OpenJDK 6 is affected.
    • Ref: http://bugs.gentoo.org/show_bug.cgi?id=346799

    • 10.50.14 - CVE: CVE-2010-4020
    • Platform: Cross Platform
    • Title: MIT Kerberos Checksum AD-SIGNEDPATH and AD-KDC-ISSUED Security Bypass
    • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote security bypass issue because "krb5" incorrectly accepts certain unkeyed checksums on AD-SIGNEDPATH and AD-KDC-ISSUED authorization data, which lets a party without the key substitute its own checksum. Kerberos 5 versions 1.8.x are affected.
    • Ref: http://www.securityfocus.com/archive/1/514953

    • 10.50.15 - CVE: CVE-2010-4409
    • Platform: Cross Platform
    • Title: PHP "getSymbol()" Function Denial of Service
    • Description: PHP is a general purpose scripting language that is suited for web development. PHP is exposed to a denial of service issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs in the "getSymbol()" function due to an integer overflow error. PHP versions prior to 5.3.3 revision 305571 are affected.
    • Ref: http://svn.php.net/viewvc?view=revision&revision=305571

    • 10.50.16 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Awstats Configuration File Remote Arbitrary Command Execution
    • Description: AWstats is an application that provides statistics on server traffic. Awstats is exposed to an arbitrary command execution issue due to a failure in the application to properly handle "" when specifying a configuration file directory. Awstats version 7.0 is affected.
    • Ref: http://awstats.sourceforge.net/docs/awstats_changelog.txt

    • 10.50.17 - CVE: CVE-2010-4021
    • Platform: Cross Platform
    • Title: MIT Kerberos 5 Key Distribution Center "KrbFastReq" Forgery Security Bypass
    • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote security bypass issue because the Key Distribution Center accepts a forged "KrbFastReq" structure. Kerberos 5 version 1.7 is affected.
    • Ref: http://www.securityfocus.com/archive/1/514953
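Why an unkeyed checksum over authorization data is a forgery problem, as an added illustration for the two MIT Kerberos entries above (this is not MIT krb5 code). The checksum type names, the session key and the authorization-data payloads are constructed for the example; the real RFC 3961 checksum type numbers are not reproduced. The point is that a verifier which accepts any checksum type that "verifies" gives an attacker without the session key a way to sign arbitrary data.

```python
"""Keyed versus unkeyed checksums on authorization data (added example)."""
import hashlib
import hmac
import zlib

# Illustrative registry of checksum types.  Names are labels for this example,
# not Kerberos checksum type identifiers.
UNKEYED = {"crc32", "md5", "sha1"}
KEYED = {"hmac-sha1"}


def checksum(cksum_type, key, data):
    """Compute a checksum of `data`; keyed types need `key`, unkeyed ones ignore it."""
    if cksum_type == "crc32":
        return zlib.crc32(data).to_bytes(4, "little")
    if cksum_type == "md5":
        return hashlib.md5(data).digest()
    if cksum_type == "sha1":
        return hashlib.sha1(data).digest()
    if cksum_type == "hmac-sha1":
        if key is None:
            raise ValueError("keyed checksum requires a key")
        return hmac.new(key, data, hashlib.sha1).digest()
    raise ValueError(f"unknown checksum type {cksum_type!r}")


def verify_authdata_lenient(cksum_type, key, data, cksum):
    """Pre-fix behaviour as described in the entry: whatever type the sender
    chose is recomputed and compared, so an unkeyed type passes."""
    return hmac.compare_digest(checksum(cksum_type, key, data), cksum)


def verify_authdata_strict(cksum_type, key, data, cksum):
    """Fixed behaviour: only a keyed checksum under the session key is evidence
    that the KDC (the key holder) produced the data."""
    if cksum_type not in KEYED:
        return False
    return hmac.compare_digest(checksum(cksum_type, key, data), cksum)


# Constructed material.  The attacker never learns SESSION_KEY.
SESSION_KEY = b"\x01" * 20
GENUINE = b"AD-KDC-ISSUED: allowed=user"
FORGED = b"AD-KDC-ISSUED: allowed=admin"


def attacker_forge(cksum_type, forged_data):
    """What an attacker without the key can attach: an unkeyed checksum of the
    forged data, or nothing at all for a keyed type."""
    if cksum_type in KEYED:
        return None
    return checksum(cksum_type, None, forged_data)
```

The strict verifier is the rule to apply anywhere a checksum is meant to bind data to a key holder: check the checksum *type* against a keyed allow-list before comparing the bytes.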

    • 10.50.18 - CVE: Not Available
    • Platform: Cross Platform
    • Title: HP Data Protector Manager Remote Denial of Service
    • Description: HP Data Protector is a backup and recovery solution. HP Data Protector Manager is used to remotely manage the backup solution. HP Data Protector Manager is exposed to a remote denial of service issue. Specifically, an access violation error occurs in the "MSVCR71.dll" module when processing specially crafted requests. HP Data Protector Manager version A.06.11 is affected.
    • Ref: http://www.securityfocus.com/bid/45128

    • 10.50.19 - CVE: CVE-2010-3919,CVE-2010-3918
    • Platform: Cross Platform
    • Title: Sleipnir Clipboard Access Security Bypass
    • Description: Sleipnir is a web browser. The application is exposed to a security bypass issue because it fails to properly restrict access to the clipboard. Sleipnir versions 2.9.6 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45132

    • 10.50.20 - CVE: CVE-2010-3614, CVE-2010-3613, CVE-2010-3615
    • Platform: Cross Platform
    • Title: ISC BIND Key Algorithm Rollover Security
    • Description: ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols. ISC BIND is exposed to a security issue that affects the integrity security property of the application. Specifically, this issue occurs because "named", when acting as a DNSSEC validator, fails to determine properly if an NS RRset is insecure. BIND versions 9.4.0 to 9.4-ESV-R3, 9.6.0 to 9.6.2-P2 and 9.7.0 to 9.7.2-P2 are affected.
    • Ref: https://www.isc.org/software/bind/advisories/cve-2010-3614

    • 10.50.21 - CVE: CVE-2010-2761
    • Platform: Cross Platform
    • Title: Perl CGI.pm Header Values Newline Handling Unspecified Vulnerability
    • Description: Perl is a general purpose scripting language. CGI.pm is a Perl5 CGI Library. Perl CGI.pm is exposed to an unspecified security issue related to the handling of newlines embedded in header values.
    • Ref: http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
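What a newline embedded in a header value does on the wire, as an added example for the CGI.pm entry above (this is not CGI.pm's code and the redirect target is a constructed sample). A header serialiser that passes the value through unchanged lets a client-controlled string terminate the current header and start new ones; the hardened serialiser rejects CR, LF and NUL before anything is written.

```python
"""HTTP header injection via CR/LF in a header value (added example)."""

CRLF = "\r\n"


def render_headers_vulnerable(headers):
    """Serialise (name, value) pairs exactly as given, with no check on the value."""
    return CRLF.join(f"{name}: {value}" for name, value in headers) + CRLF + CRLF


def render_headers_hardened(headers):
    """Same serialisation, but refuse any field that could end a header line."""
    for name, value in headers:
        for field in (name, value):
            if "\r" in field or "\n" in field or "\0" in field:
                raise ValueError(f"control character in header field: {field!r}")
    return CRLF.join(f"{name}: {value}" for name, value in headers) + CRLF + CRLF


def parse_header_block(raw):
    """Split a serialised header block back into (name, value) pairs the way a
    browser or proxy reads it; shows what the injected value turns into."""
    pairs = []
    for line in raw.split(CRLF):
        if not line:          # empty line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


# Constructed attacker input: a redirect target that smuggles a Set-Cookie header.
INJECTED_LOCATION = "https://example.test/home\r\nSet-Cookie: session=attacker-chosen"


def redirect_vulnerable(target):
    return render_headers_vulnerable([("Status", "302 Found"), ("Location", target)])


def redirect_hardened(target):
    return render_headers_hardened([("Status", "302 Found"), ("Location", target)])
```

The same check belongs on header names as on values; an attacker who controls a name (for example a user-chosen custom header) gets the same split.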

    • 10.50.22 - CVE: CVE-2010-3878,CVE-2010-3862,CVE-2010-3708
    • Platform: Cross Platform
    • Title: JBoss Enterprise Application Platform Multiple Remote Vulnerabilities
    • Description: The JBoss Enterprise Application Platform is a tool for developing Web 2.0 applications on a pure Java platform. The application is exposed to multiple remote issues because it fails to properly sanitize user-supplied input. JBoss Enterprise Application Platform version 4.3.0 is affected.
    • Ref: http://www.securityfocus.com/bid/45148


    • 10.50.24 - CVE: CVE-2010-4261, CVE-2010-4260, CVE-2010-4479
    • Platform: Cross Platform
    • Title: ClamAV Prior to 0.96.5 Multiple Vulnerabilities
    • Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. ClamAV is exposed to multiple security issues. Attackers may exploit these issues to cause denial of service or, potentially, execute arbitrary code in the context of the application. ClamAV versions prior to 0.96.5 are affected.
    • Ref: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=019f1955194360600ecf0644959ceca6734c2d7b

    • 10.50.25 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Cisco IPSec VPN Groupname Enumeration Weakness
    • Description: Cisco VPN 3000 concentrator products provide Virtual Private Network services to remote users. Cisco IPSec VPN is exposed to a remote groupname enumeration weakness. Specifically, the device will reply when it receives an Internet Key Exchange message with a valid group name.
    • Ref: http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html

    • 10.50.26 - CVE: Not Available
    • Platform: Cross Platform
    • Title: FontForge Bitmap Distribution Format (.BDF) Font File Stack-Based Buffer Overflow
    • Description: FontForge is an outline font editor application. The application is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when the application processes a Bitmap Distribution Format (.BDF) font file that contains a specially crafted "CHARSET_REGISTRY" header. FontForge version 0.0.20100501-2 is affected.
    • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=659359

    • 10.50.27 - CVE: CVE-2010-4180, CVE-2010-4252
    • Platform: Cross Platform
    • Title: OpenSSL Ciphersuite Downgrade Security Weakness
    • Description: OpenSSL is an open source cryptography library. OpenSSL is exposed to a security weakness that may allow attackers to downgrade the ciphersuite. Specifically, this issue is due to old workaround code included in the server that may allow attackers to modify the stored session cache ciphersuite. Releases prior to OpenSSL 1.0.0c are affected.
    • Ref: http://www.securityfocus.com/bid/45164

    • 10.50.28 - CVE: CVE-2010-4295, CVE-2010-4296, CVE-2010-4297
    • Platform: Cross Platform
    • Title: Multiple VMware products "vmware-mount" Local Privilege Escalation
    • Description: Multiple VMware products are prone to a local privilege escalation issue that affects "vmware-mount". This issue occurs when handling temporary files. The following versions are affected: VMware Workstation versions 7.x for Linux, VMware Player versions 3.1.x for Linux, VMware Server version 2.0.2 for Linux and VMware Fusion versions 3.1.x for Mac OS X.
    • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0018.html

    • 10.50.29 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities
    • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple issues. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial of service conditions, gain access to sensitive information, and bypass intended security restrictions. Other attacks are also possible. Chrome versions prior to 8.0.552.215 are affected.
    • Ref: http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

    • 10.50.30 - CVE: Not Available
    • Platform: Cross Platform
    • Title: iFTPStorage FTP Server Directory Traversal
    • Description: iFTPStorage is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory-traversal strings from user-supplied commands. iFTPStorage version 1.3 is affected.
    • Ref: http://www.securityfocus.com/bid/45178

    • 10.50.31 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Freefloat FTP Server "USER" Command Remote Buffer Overflow
    • Description: Freefloat FTP Server is an FTP server application available for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
    • Ref: http://www.securityfocus.com/bid/45181

    • 10.50.32 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Perl IO::Socket::SSL "verify_mode" Security Bypass
    • Description: IO::Socket::SSL is a module for Perl that provides SSL support. The module is exposed to a security bypass issue. Specifically, if "verify_mode" is set to anything but "VERIFY_NONE" and no valid "ca_path" or "ca_file" is provided, IO::Socket::SSL silently falls back to "VERIFY_NONE" verification mode. IO::Socket::SSL versions prior to 1.35 are affected.
    • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058

    • 10.50.33 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Altova DatabaseSpy 2011 "dwmapi.dll" DLL Loading Arbitrary Code Execution
    • Description: Altova DatabaseSpy is a multiple database query, design, and database comparison tool. Altova DatabaseSpy 2011 is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "dwmapi.dll" Dynamic Link Library file in the current working directory. Successful exploits will compromise the application in the context of the currently logged-in user.
    • Ref: http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx
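The DLL preloading entries in this issue (Kindle for PC, Adobe Device Central, WebEx, Altova DiffDog and DatabaseSpy, Intel TBB) all share one mechanism: the application asks for a DLL by bare name and Windows searches the current directory, which is the directory of the opened document, before or instead of a trustworthy location. The model below is an added example, not Microsoft's or any affected vendor's code: it reproduces the documented LoadLibrary search order for a name given without a path and resolves against a constructed temporary directory tree, so it runs offline on any OS. The order used is the documented default (application directory, system directory, Windows directory, current directory, PATH, with the current directory promoted to second place when SafeDllSearchMode is off); KnownDLLs and the 16-bit system directory are left out. That dwmapi.dll is absent on Windows XP, which is why it was such a common target, is stated as background and is not something the code checks.

```python
"""Model of the Windows DLL search order behind the preloading entries (added example)."""
import tempfile
from pathlib import Path


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs,
                 safe_dll_search_mode=True, cwd_removed=False):
    """Directories LoadLibrary tries, in order, for a DLL name without a path.

    safe_dll_search_mode=True  : app dir, system dir, Windows dir, CWD, PATH
    safe_dll_search_mode=False : app dir, CWD, system dir, Windows dir, PATH
    cwd_removed=True           : what SetDllDirectory("") does: CWD is dropped
    """
    cwd_slot = [] if cwd_removed else [cwd]
    if safe_dll_search_mode:
        return [app_dir, system_dir, windows_dir] + cwd_slot + list(path_dirs)
    return [app_dir] + cwd_slot + [system_dir, windows_dir] + list(path_dirs)


def resolve(dll_name, order):
    """First directory in `order` that actually contains dll_name, else None."""
    for directory in order:
        candidate = Path(directory) / dll_name
        if candidate.is_file():
            return candidate
    return None


def build_scenario():
    """Constructed tree: a 'system' that ships dwmapi.dll but has no wintab32.dll,
    and a 'share' (where the victim opens a document) in which an attacker
    planted copies of both next to the document."""
    base = Path(tempfile.mkdtemp())
    dirs = {name: base / name for name in ("app", "system32", "windows", "share", "pathdir")}
    for directory in dirs.values():
        directory.mkdir()
    (dirs["system32"] / "dwmapi.dll").write_bytes(b"genuine")
    (dirs["share"] / "dwmapi.dll").write_bytes(b"planted")
    (dirs["share"] / "wintab32.dll").write_bytes(b"planted")
    (dirs["share"] / "report.azw").write_bytes(b"document")
    return dirs


def planted_dlls(document_dir):
    """Hunting check: DLL files sitting beside documents in a directory users open
    files from (downloads, a share) are the planted-library pattern described above."""
    return sorted(p.name for p in Path(document_dir).iterdir() if p.suffix.lower() == ".dll")
```

Two things fall out of the model: a DLL the system does not have (wintab32.dll on a machine without a tablet driver) is always taken from the document's directory unless the current directory is removed from the search, and a DLL the system does have is only protected while SafeDllSearchMode is on. The application-side fix is to load by full path or call SetDllDirectory("") / use LOAD_LIBRARY_SEARCH_SYSTEM32 so the current directory is never searched; on the detection side, DLLs next to documents on shares are worth an alert.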

    • 10.50.34 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Freefloat FTP Server Directory Traversal
    • Description: Freefloat FTP Server is an FTP server for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied input.
    • Ref: http://www.securityfocus.com/bid/45218

    • 10.50.35 - CVE: CVE-2010-3372
    • Platform: Cross Platform
    • Title: NorduGrid Advanced Resource Connector "LD_LIBRARY_PATH" Local Privilege Escalation
    • Description: The NorduGrid Advanced Resource Connector (ARC) is an application that uses grid technologies to enable the sharing and federation of computing and storage resources distributed across different administrative and application domains. The NorduGrid Advanced Resource Connector is exposed to a local privilege escalation issue because it fails to properly set the "LD_LIBRARY_PATH" environment variable. NorduGrid Advanced Resource Connector versions prior to 0.8.3 are affected.
    • Ref: http://osdir.com/ml/debian-bugs-dist/2010-12/msg01521.html

    • 10.50.36 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Python Libcloud Man In The Middle Issue
    • Description: Libcloud is a Python library that provides a common interface to multiple cloud provider APIs. Libcloud is exposed to a man-in-the-middle issue because the library fails to verify the SSL certificate of the remote destination.
    • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
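The IO::Socket::SSL and Libcloud entries above describe the same failure mode from two directions: a TLS client that was asked to verify the peer, or should have, and ends up not verifying at all. The example below is added here and is neither module's code; it reproduces the described fallback against Python's ssl module next to a constructor that fails closed, plus the one-line property a test should assert for any TLS client. The CA file path used in the usage is a constructed, nonexistent path.

```python
"""Fail-open versus fail-closed TLS client context construction (added example)."""
import os
import ssl


def client_context_fail_open(verify=True, ca_file=None):
    """Mirrors the behaviour the IO::Socket::SSL entry describes: verification
    was requested, but without a usable CA file the context quietly drops to
    no verification instead of raising."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check by default
    if verify and ca_file and os.path.isfile(ca_file):
        ctx.load_verify_locations(cafile=ca_file)
        return ctx
    ctx.check_hostname = False        # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # the silent fallback: connection "works", nothing is checked
    return ctx


def client_context_fail_closed(ca_file=None):
    """Verification is not optional: a missing or empty trust store is an error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)  # raises if the file is absent or unreadable
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    if ctx.cert_store_stats()["x509_ca"] == 0:
        raise ValueError("no CA certificates loaded; refusing to build an unverified TLS client")
    if not is_verifying(ctx):
        raise ValueError("context does not require and verify the peer certificate")
    return ctx


def is_verifying(ctx):
    """The property to assert in tests and deploy-time checks for any TLS client."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

Whatever the language, the check is the same: after the client object is built and before the first connection, confirm that peer verification and hostname checking are actually on, rather than trusting that they were requested.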

    • 10.50.37 - CVE: CVE-2010-4052,CVE-2010-4051
    • Platform: Cross Platform
    • Title: GNU glibc "regcomp()" Stack Exhaustion Denial of Service
    • Description: GNU glibc is exposed to a denial of service issue due to stack exhaustion. Specifically, this issue occurs when the "regcomp()" function processes specially crafted recursive regular expressions.
    • Ref: http://www.kb.cert.org/vuls/id/912279

    • 10.50.38 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: WordPress WPtouch Plugin "wptouch_settings" Parameter Cross-Site Scripting
    • Description: WPtouch is a plugin for Wordpress. The WPtouch plugin is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "wptouch_settings" parameter of the "wp-content/plugins/wptouch/include/adsense-new.php" script. WPtouch version 1.9.20 is affected.
    • Ref: http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html

    • 10.50.39 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Alguest Multiple Cross-Site Scripting Vulnerabilities
    • Description: Alguest is a guestbook system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the following parameters of the "index.php" script: "nome", "messaggio" and "link". Alguest version 1.1c-patched is affected.
    • Ref: http://www.securityfocus.com/bid/45140

    • 10.50.40 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Contenido CMS Multiple Cross-Site Scripting Vulnerabilities
    • Description: Contenido CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Contenido CMS version 4.8.12 is affected.
    • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_contenido_cms.html

    • 10.50.41 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Register Plus Redux "wp-login.php" Multiple Cross-Site Scripting Vulnerabilities
    • Description: Register Plus Redux is a plugin for WordPress. WordPress is a web-based publishing application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Register Plus Redux version 3.6.1 is affected.
    • Ref: http://www.securityfocus.com/archive/1/514999


    • 10.50.43 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: DynPG CMS Local File Include and SQL Injection Vulnerabilities
    • Description: DynPG CMS is a PHP-based content manager. The application is exposed to multiple issues. An attacker can exploit the local file include issue using directory traversal strings to view and execute arbitrary local files within the context of the web server process. DynPG CMS version 4.2.0 is affected.
    • Ref: http://www.dynpg.org/cms-freeware.php?read_article=225
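The two FTP server traversal entries (iFTPStorage, Freefloat) and the DynPG local file include above are the same bug: a client-supplied path is joined onto a base directory without keeping the result inside it. The example below is added here and is not the code of any of those products; it shows the naive join beside one resolver that can be reused for an FTP `CWD`/`RETR` argument or an `include=` parameter. The directory tree, including a symlink that points outside the root, is constructed in a temporary directory.

```python
"""Keeping a client-supplied path inside a configured root (added example)."""
import os
import posixpath
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    pass


def naive_join(root, client_path):
    """The pattern behind the traversal entries: strip a leading slash, join, normalise.
    '..' components still walk out of `root`."""
    return os.path.normpath(os.path.join(root, client_path.lstrip("/\\")))


def resolve_under_root(root, client_path, cwd="/"):
    """Map a client path to a real path guaranteed to lie inside `root`, else raise.

    1. reject NUL (truncates the string in C servers and in many libc calls);
    2. treat backslash as a separator (Windows servers accept both);
    3. normalise in the *virtual* namespace first, so '..' cannot climb above '/';
    4. resolve symlinks on the real path and check containment against the real root.
    """
    if "\0" in client_path:
        raise TraversalError("NUL byte in path")
    virtual = client_path.replace("\\", "/")
    if not virtual.startswith("/"):
        virtual = posixpath.join(cwd, virtual)
    virtual = posixpath.normpath(virtual)       # '/../../etc/passwd' -> '/etc/passwd'
    root_real = Path(root).resolve()
    real = (root_real / virtual.lstrip("/")).resolve()   # follows symlinks
    if real != root_real and root_real not in real.parents:
        raise TraversalError(f"{client_path!r} escapes {root}")
    return real


def build_tree():
    """Constructed root with one readable file and one symlink escaping to the parent."""
    base = Path(tempfile.mkdtemp())
    root = base / "ftproot"
    (root / "pub").mkdir(parents=True)
    (root / "pub" / "readme.txt").write_text("hello")
    (base / "secret.txt").write_text("outside the root")
    os.symlink(base / "secret.txt", root / "pub" / "link")
    return base, root
```

Normalising the virtual path first is what makes `../../../../secret.txt` land harmlessly on `<root>/secret.txt`; the symlink check catches the case string normalisation cannot see, a link inside the root that points out of it.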

    • 10.50.44 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PHP-Nuke Search Module SQL Injection
    • Description: PHP-Nuke is a content manager. The Search module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query. PHP-Nuke Search module versions 8.1.0.3.5b and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45165

    • 10.50.45 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: GateSoft Docusafe "ECO.asp" SQL Injection
    • Description: GateSoft Docusafe is an ASP-based Product Document Management (PDM) system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ECO_ID" parameter of the "ECO.asp" script before using it in an SQL query. GateSoft Docusafe version 4.1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/45182

    • 10.50.46 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Techno Dreams FAQ Manager Package "faqlist.asp" SQL Injection
    • Description: Techno Dreams FAQ Manager Package is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "order" parameter of the "faqlist.asp" script before using it in an SQL query. Techno Dreams FAQ Manager Package version 1.0 is affected.
    • Ref: http://www.securityfocus.com/bid/45202
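The SQL injection entries above come in two shapes that need different fixes: a value parameter such as PHP-Nuke's "sid", which a bound parameter handles, and a sort parameter such as Techno Dreams' "order", which cannot be bound and needs an allow-list. The example below is added here and is not the code of either product; it uses an in-memory SQLite table with constructed rows and shows each vulnerable query beside its hardened form, including a sort-order payload that leaks a hidden row's state through the order of the results.

```python
"""Value-parameter and ORDER BY SQL injection, vulnerable and hardened (added example)."""
import sqlite3


def setup():
    """Constructed sample table: two published stories and one unpublished draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stories (sid INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO stories VALUES (?, ?, ?)", [
        (1, "Public story", 1),
        (2, "Draft story", 0),
        (3, "Other public story", 1),
    ])
    return conn


def search_vulnerable(conn, sid):
    """'sid' pasted into the SQL text: '1 OR 1=1 --' disables the published filter."""
    sql = f"SELECT sid, title FROM stories WHERE sid = {sid} AND published = 1"
    return conn.execute(sql).fetchall()


def search_hardened(conn, sid):
    """Type check the value, then bind it; the SQL text never contains user data."""
    sid = int(sid)                       # ValueError for anything that is not an integer
    return conn.execute(
        "SELECT sid, title FROM stories WHERE sid = ? AND published = 1", (sid,)
    ).fetchall()


# Sort columns a client may ask for, mapped to the identifiers used in SQL.
ORDER_COLUMNS = {"sid": "sid", "title": "title"}


def listing_vulnerable(conn, order):
    """'order' pasted after ORDER BY: any expression, including subqueries, is accepted."""
    sql = f"SELECT sid, title FROM stories WHERE published = 1 ORDER BY {order}"
    return conn.execute(sql).fetchall()


def listing_hardened(conn, order):
    """Identifiers cannot be bound, so map the request through an allow-list."""
    column = ORDER_COLUMNS.get(order)
    if column is None:
        raise ValueError(f"unsupported sort column {order!r}")
    return conn.execute(
        f"SELECT sid, title FROM stories WHERE published = 1 ORDER BY {column}"
    ).fetchall()


# Constructed payloads.
SID_PAYLOAD = "1 OR 1=1 --"
# Boolean inference through sort order: if the draft (sid 2) is unpublished the
# result is sorted by title, otherwise by sid.  The attacker reads the row order.
ORDER_PAYLOAD = "CASE WHEN (SELECT published FROM stories WHERE sid = 2) = 0 THEN title ELSE sid END"
```

The allow-list is the part most often skipped: escaping does nothing for an identifier position, and a sort expression is enough to extract data one bit per request.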

    • 10.50.47 - CVE: CVE-2010-3267,CVE-2010-3266
    • Platform: Web Application
    • Title: BugTracker.NET SQL Injection and Cross-Site Scripting Vulnerabilities
    • Description: BugTracker.NET is a web-based bug or issue tracker implemented in ASP.NET. The application is exposed to SQL injection and cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. BugTracker.NET version 3.4.4 is affected.
    • Ref: http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker

    • 10.50.48 - CVE: Not Available
    • Platform: Web Application
    • Title: Drupal Services Module "node.save" Security Bypass
    • Description: Services is a module for the Drupal content manager that provides an API for exposing Drupal functions, allowing clients to call server methods and obtain data for local processing. The module is exposed to a security bypass issue because it fails to properly restrict access to sensitive features. Services versions prior to 6.x-2.3 are affected.
    • Ref: http://drupal.org/node/986798


    • 10.50.50 - CVE: Not Available
    • Platform: Web Application
    • Title: WordPress Comment Rating Plugin Cross Site Request Forgery
    • Description: Comment Rating is a comments plugin for WordPress. Comment Rating is exposed to a cross-site request forgery issue because the application does not properly validate user-supplied requests. Comment Rating versions prior to 2.9.21 are affected.
    • Ref: http://wordpress.org/extend/plugins/comment-rating/changelog/

    (c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription or to update a current subscription, visit http://portal.sans.org/