@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 6
February 4, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  3
    Linux                                     4
    HP-UX                                     1
    BSD                                       1
    Solaris                                   1
    Cross Platform                            31 (#1, #2, #3, #4, #5, #6, #7, #8)
    Web Application - Cross Site Scripting    8
    Web Application - SQL Injection           14
    Web Application                           12


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
HP-UX
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software
  • (1) HIGH: Apple iPhone and Apple iPod Touch Multiple Vulnerabilities
  • Affected:
    • iPhone OS 3.1.3
    • iPhone OS 3.1.3 for iPod touch
  • Description: Apple iPhone and Apple iPod contain multiple vulnerabilities in their handling of certain inputs such as audio files, image files, USB control messages, FTP directory listings, and web page contents. The first issue is a buffer overflow error in the way the affected products handle mp4 audio files. The second issue is a buffer underflow error in the way ImageIO handles TIFF images. The third issue is a memory corruption vulnerability caused by improper handling of certain USB control messages. The fourth issue is caused by improper handling of FTP directory listings. The fifth issue is caused by WebKit improperly handling an HTML 5 Media Element that points to an external resource, which leads to requests being sent to remote servers automatically. Successful exploitation in most cases might lead to remote code execution. Technical details for some of the vulnerabilities are publicly available.

  • Status: Vendors confirmed, updates available.

  • References:
  • (3) MODERATE: Apache mod_proxy Integer Overflow Vulnerability
  • Affected:
    • Apache 1.3.x
  • Description: Mod_proxy is a module for Apache, a multi-platform HTTP server, that implements proxy/cache and proxying capability for different protocols like FTP, SSL, etc. An integer overflow vulnerability has been identified in the mod_proxy module of Apache. The specific flaw is an integer overflow error in the "ap_proxy_send_fb()" function in "src/modules/proxy/proxy_util.c". This vulnerability exists only on 64-bit systems, when the server directly converts from type 'long' to type 'int'. Successful exploitation might allow an attacker to execute arbitrary code remotely. Full technical details for the vulnerability are publicly available via source code analysis and proof-of-concept.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) MODERATE: Multiple Hitachi Products Buffer Overflow Vulnerability
  • Affected:
    • Cosminexus Version 8
    • Cosminexus Version 7
    • Cosminexus Version 6.x
    • Cosminexus Version 5
    • Cosminexus Version 4
    • uCosminexus Navigation Platform(*2)
    • uCosminexus Navigation Platform - User License(*2)
    • uCosminexus Navigation Platform - Authoring License(*2)
    • uCosminexus Navigation Developer(*2)
    • Electronic Form Workflow Set(*2)
    • Electronic Form Workflow - Professional Set(*2)
    • Electronic Form Workflow - Developer Set(*2)
    • Electronic Form Workflow - Standard Set(*2)
    • Electronic Form Workflow - Professional Library Set(*2)
    • Electronic Form Workflow - Developer Client Set(*2)
    • uCosminexus Collaboration - Server(*2)
    • Groupmax Collaboration - Server(*2)
    • uCosminexus/OpenTP1 Web Front-end Set(*2)
    • Cosminexus/OpenTP1 Web Front-end Set(*2)
    • uCosminexus Portal Framework Entry Set(*3)
    • Cosminexus/OpenTP1 Web Front-end Set
    • Electronic Form Workflow 7.x
    • Groupmax Collaboration - Server
    • Hitachi Developer's Kit for Java
    • Hitachi Electronic Form Workflow 6.x
    • Hitachi Processing Kit for XML
  • Description: A buffer overflow vulnerability reportedly exists in multiple products of Hitachi, a large Japanese multinational company specializing in high technology. Cosminexus, Processing Kit for XML, and Hitachi's Developer Kit for Java are some of the products reported to be vulnerable. The flaw is caused by a boundary error when Java applications process malicious image files, and a specially crafted image file can be used to trigger it. Successful exploitation might lead to remote code execution or a denial-of-service condition. Technical details are not available for this vulnerability.

  • Status: Vendors confirmed, updates available.

  • References:
  • (5) MODERATE: yaSSL Certificate handling Buffer Overflow Vulnerability
  • Affected:
    • yaSSL Library 1.x
  • Description: yaSSL is a dual-licensed Secure Sockets Layer (SSL) library used by programmers to build security functionality into their applications. A buffer overflow vulnerability has been reported in the yaSSL library, caused by an error in the way it processes SSL certificates. A specially crafted SSL certificate can be used to trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Full technical details for the vulnerability are publicly available via source code analysis and public proof-of-concepts.

  • Status: Vendors confirmed, updates available.

  • References:
  • (7) MODERATE: Ingres Database Buffer Overflow Vulnerability
  • Affected:
    • Ingres Database 9.3 and prior
  • Description: Ingres Database, a popular enterprise database engine, contains a heap overflow vulnerability. The issue is caused by an error in the Ingres Database Server in the way it processes data packets sent to the "iidbms" port. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the affected application. Technical details for the vulnerability are publicly available via public proof-of-concept.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (8) LOW: IRCD-Hybrid and ircd-ratbox Integer Underflow Vulnerability
  • Affected:
    • ircd-ratbox 2.2.x
    • ircd-ratbox 2.0 rc7
    • ircd-ratbox 2.0 rc6
    • ircd-hybrid 7.x
  • Description: A couple of Internet Relay Chat Daemons (ircd), IRCD-Hybrid and ircd-ratbox, are vulnerable to an integer underflow. The specific flaw is caused by an integer underflow error while processing the "LINKS" command. A specially crafted LINKS command can be used to trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 6, 2010

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7930 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.6.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Vermillion FTP Daemon "Port" Command Buffer Overflow
  • Description: Vermillion FTP Daemon is an FTP server for Windows. The application is exposed to a buffer overflow issue when issuing a "PORT" command with an overly large string as an argument. Vermillion FTP Daemon version 1.31 is affected.
  • Ref: http://www.global-evolution.info/news/files/vftpd/vftpd.txt

  • 10.6.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Corel Paint Shop Pro Photo X2 "FPX" File Heap Buffer Overflow
  • Description: Corel Paint Shop Pro Photo X2 is an image editor for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed "FPX" files. Paint Shop Pro Photo X2 Ultimate version 12.50 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509299

  • 10.6.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 360.cn Qihoo 360 Security Guard "bregdrv.sys" Edit Registry Local Privilege Escalation
  • Description: 360.cn Qihoo 360 Security Guard is a security application for Microsoft Windows. The application is exposed to a local privilege escalation issue in the "bregdrv.sys" kernel mode driver. User-supplied input is passed to the driver via the user mode "bregdll.dll" dynamic link library, allowing attackers to access kernel level functions. Qihoo 360 Security Guard version 6.1.5.1009 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509308

  • 10.6.4 - CVE: CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
  • Platform: Linux
  • Title: Debian Lintian Multiple Local Vulnerabilities
  • Description: Lintian is a tool for analyzing Debian packages for bugs and policy violations. Lintian is exposed to multiple local issues. A directory traversal issue occurs because the application fails to properly sanitize control field names and values before using them in certain operations. A second directory traversal issue occurs because the application fails to sanitize control files. Multiple format string issues affect several check scripts and the "Lintian: Schedule" module. An arbitrary command execution issue occurs because the application fails to sanitize filenames when passing them to certain commands.
  • Ref: http://www.securityfocus.com/bid/37975

  • 10.6.5 - CVE: Not Available
  • Platform: Linux
  • Title: Battery Life Toolkit "bltk_sudo" Local Privilege Escalation
  • Description: Battery Life Toolkit (BLTK) is a set of Linux utilities used to measure power performance and battery life of desktop and laptop computers. BLTK is exposed to a local privilege escalation issue. Specifically, the "/usr/lib/bltk/bin/bltk_sudo" program may be used to launch arbitrary applications with superuser privileges. BLTK version 1.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/37996

  • 10.6.6 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel 64bit Personality Handling Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue when setting the personality of a process. This issue occurs in the "load_elf_binary()" function of the "fs/binfmt_elf.c" source file. Specifically, the function calls the "SET_PERSONALITY()" function without checking to see if the ELF interpreter is available.
  • Ref: http://marc.info/?l=linux-mm&m=126466407724382&w=4

  • 10.6.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel KVM "pit_ioport_read()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the Kernel based Virtual Machine (KVM). Specifically, this issue is triggered when the vulnerable code tries to read a write-only value. This issue affects the "pit_ioport_read()" function in the "arch/x86/kvm/i8254.c" source file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=560887

  • 10.6.8 - CVE: CVE-2009-4184
  • Platform: HP-UX
  • Title: HP Enterprise Cluster Master Toolkit Privilege Escalation
  • Description: HP Enterprise Cluster Master Toolkit (ECMT) is a set of example scripts and package configuration files for creating HP Serviceguard packages for several database and software products. HP Enterprise Cluster Master Toolkit is exposed to a privilege escalation issue. HP ECMT version B.05.00 running on HP-UX B.11.23 and B.11.31 is affected.
  • Ref: http://www.securityfocus.com/bid/38035

  • 10.6.9 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD "ptrace()" Local Denial of Service
  • Description: OpenBSD is exposed to a local denial of service issue. Specifically, when the "ptrace()" function is called on an ancestor process, a loop may be created in the process tree. This may in turn cause the kernel to enter into an infinite loop. Successful exploits will cause a denial of service. OpenBSD versions 4.5 and 4.6 are affected.
  • Ref: http://www.securityfocus.com/bid/38039

  • 10.6.10 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "CODE_GET_VERSION IOCTL" Local Denial of Service
  • Description: Sun Solaris is exposed to a local denial of service issue that occurs due to a NULL pointer dereference when handling "UCODE_GET_VERSION" IOCTL requests. Local attackers can exploit the issue to cause kernel panic resulting in denial of service. Sun Solaris 10 and OpenSolaris for x86 platforms are affected.
  • Ref: http://trapkit.de/advisories/TKADV2010-001.txt

  • 10.6.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 "REPEAT()" Heap Buffer Overflow
  • Description: IBM DB2 is a database application available for multiple platforms. DB2 is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability is triggered when handling a crafted SQL statement that uses the "REPEAT()" function. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. IBM DB2 version 9.7 is affected.
  • Ref: http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html

  • 10.6.12 - CVE: CVE-2009-4016
  • Platform: Cross Platform
  • Title: IRCD-Hybrid and ircd-ratbox "LINKS" Command Remote Integer Underflow
  • Description: IRCD-Hybrid and ircd-ratbox are IRC chat servers available for Unix, Linux, and other Unix-like operating systems. The applications are exposed to an integer underflow issue because they fail to perform adequate boundary checks on user-supplied data. The vulnerability occurs when the applications handle malformed "LINKS" commands. IRCD-Hybrid version 7.2.2 and ircd-ratbox version 2.2.8 are affected.
  • Ref: http://trac.oftc.net/projects/oftc-hybrid/browser/tags/oftc-hybrid-1.6.8/RELNOTES

  • 10.6.13 - CVE: CVE-2010-0300
  • Platform: Cross Platform
  • Title: ircd-ratbox "HELP" Command Denial of Service
  • Description: The "ircd-ratbox" daemon is an IRC server available for various platforms, including Windows and UNIX. The daemon is exposed to a denial of service issue because it fails to handle "HELP" commands properly. ircd-ratbox version 2.2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/37979

  • 10.6.14 - CVE: CVE-2009-4183
  • Platform: Cross Platform
  • Title: HP OpenView Storage Data Protector Unspecified Remote Unauthorized Access
  • Description: HP OpenView Network Node Manager is a network management application. HP OpenView Storage Data Protector is exposed to an unauthorized access vulnerability that stems from an unspecified design error. Local attackers can exploit this issue to gain unauthorized access to the affected application. HP OpenView Storage Data Protector versions 6.00 and 6.10 are affected.
  • Ref: http://www.openview.hp.com/products/nnm/

  • 10.6.15 - CVE: CVE-2010-0139, CVE-2010-0140, CVE-2010-0141, CVE-2010-0142
  • Platform: Cross Platform
  • Title: Cisco Unified MeetingPlace Multiple Vulnerabilities
  • Description: Cisco Unified MeetingPlace is an application for holding online meetings. MeetingPlace is exposed to multiple security issues. An SQL injection issue allows an unauthorized user to create, delete, or alter any of the information contained in the database. An input validation issue occurs when handling specially crafted URLs to the internal interface. A vulnerability in the MeetingTime authentication sequence may allow an attacker to obtain sensitive information, including the user database. A privilege escalation issue in the MeetingTime authentication sequence may allow an attacker to elevate their privileges to that of an admin.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml

  • 10.6.16 - CVE: CVE-2010-0010
  • Platform: Cross Platform
  • Title: Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
  • Description: The Apache mod_proxy module implements an HTTP proxy and cache for the Apache web server. The module is exposed to a remote integer overflow issue because it fails to properly handle type conversions on 64-bit platforms when processing chunk-encoded HTTP responses. This vulnerability is caused by an error in the "ap_proxy_send_fb()" function in the "modules/proxy/proxy_util.c" source file. Apache version 1.3.41 on 64-bit platforms is affected.
  • Ref: http://site.pi3.com.pl/adv/mod_proxy.txt

  • 10.6.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: sudosh3 "replay.c" Multiple Buffer Overflow Vulnerabilities
  • Description: The "sudosh3" utility provides a rootshell where all activities are logged. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, these issues occur in the "replay.c" source file and can be triggered by crafted replay files. sudosh3 version 3.2.0 is affected.
  • Ref: http://lists.debian.org/debian-devel/2010/01/msg00317.html

  • 10.6.18 - CVE: CVE-2010-0442
  • Platform: Cross Platform
  • Title: PostgreSQL "bitsubstr" Buffer Overflow
  • Description: PostgreSQL is an open source relational database suite. PostgreSQL is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling a specially crafted bit substring. PostgreSQL version 8.0.23 is affected.
  • Ref: http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html

  • 10.6.19 - CVE: CVE-2009-3297
  • Platform: Cross Platform
  • Title: FUSE "fusermount" Race Condition
  • Description: The FUSE (Filesystem in Userspace) project is an open source Linux kernel module designed to allow users to create and run filesystems from userspace, without superuser privileges. FUSE is exposed to a race condition issue due to improper permissions given to the "fusermount" program.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=532940

  • 10.6.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GNU Mailman Unspecified Privilege Escalation
  • Description: Mailman is a mailing list manager. Mailman is exposed to an unspecified privilege escalation issue. Local attackers may exploit this issue to obtain elevated privileges and compromise a computer. Mailman versions 2.0.2 and 2.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/37984

  • 10.6.21 - CVE: CVE-2010-0304
  • Platform: Cross Platform
  • Title: Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. Wireshark is exposed to multiple buffer overflow issues that arise when handling data associated with the LWRES dissector. Wireshark versions 0.9.0 through 1.2.5 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2010-02.html

  • 10.6.22 - CVE: CVE-2009-3035
  • Platform: Cross Platform
  • Title: Symantec Altiris Notification Server Static Encryption Key Unauthorized Access
  • Description: Symantec Altiris Notification Server is software for deploying and managing servers and other hardware from a centralized location. Symantec Altiris Notification Server is exposed to an unauthorized access vulnerability because the application's web console stores static encryption keys.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100128_00

  • 10.6.23 - CVE: CVE-2009-4998
  • Platform: Cross Platform
  • Title: ZABBIX "node_process_command()" Remote Command Execution
  • Description: ZABBIX is an IT monitoring system available for multiple operating platforms. ZABBIX is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue affects the "node_process_command()" function in the "trapper/nodecommand.c" source code file, and occurs because the application fails to properly validate connections containing "Command" data before executing user-specified shell commands. ZABBIX versions prior to 1.6.8 are affected.
  • Ref: https://support.zabbix.com/browse/ZBX-1030

  • 10.6.24 - CVE: CVE-2009-3297
  • Platform: Cross Platform
  • Title: Samba "mount.cifs" Utility Local Privilege Escalation
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. Samba is exposed to a local privilege escalation issue in the "mount.cifs" utility. Specifically, when the application is installed as a setuid program, a race condition occurs when verifying user permissions.
  • Ref: http://www.securityfocus.com/bid/37992

  • 10.6.25 - CVE: CVE-2010-0227
  • Platform: Cross Platform
  • Title: Libpurple MSN Protocol "slp.c" Remote Denial of Service
  • Description: Libpurple is a library used to provide instant messaging functionality. It is used by the Pidgin and Adium IM clients. Libpurple is exposed to a remote denial of service issue that stems from a memory corruption issue. This issue occurs in the "slp.c" source file of the MSN protocol plug-in.
  • Ref: http://www.securityfocus.com/bid/37993

  • 10.6.26 - CVE: CVE-2010-0386
  • Platform: Cross Platform
  • Title: Sun Java System Application Server HTTP TRACE Information Disclosure
  • Description: Sun Java System Application Server is an enterprise application server. The application is exposed to a remote information disclosure issue because HTTP TRACE functionality is enabled by default. HTTP TRACE requests can echo HTTP header content back to the client that is making the request.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1

  • 10.6.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Multiple Products Image File Parsing Buffer Overflow
  • Description: Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are exposed to a buffer overflow issue because the software fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, the issue occurs when processing crafted image files belonging to unspecified formats.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html

  • 10.6.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ingres Database Heap Buffer Overflow
  • Description: Ingres Database is a database application available for multiple platforms. Ingres Database is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability is triggered when the "iidbms" process handles an excessive amount of data. Ingres Database version 9.3 is affected.
  • Ref: http://intevydis.blogspot.com/2010/01/ingres-93-heap-overflow.html

  • 10.6.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SQLite "SQLITE_SECURE_DELETE" Local Information Disclosure
  • Description: SQLite is an in-process SQL database engine. The software is exposed to an information disclosure issue because it leaves traces of data on disk following deletion from the database. This issue can occur when applications built with SQLite fail to enable "SQLITE_SECURE_DELETE" at compile time, which will overwrite data on disk with zeros. Exploiting this issue may allow a local attacker to obtain sensitive information that may lead to further attacks.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566326

  • 10.6.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ejabberd "client2server" Message Remote Denial of Service
  • Description: The "ejabberd" application is a fault tolerant technology for large scale instant messaging. The application is exposed to a denial of service issue that occurs when handling an excessive number of "client2server" messages, causing the queue on the server to overload. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. ejabberd versions prior to 2.1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/38003

  • 10.6.31 - CVE: CVE-2010-0303
  • Platform: Cross Platform
  • Title: Hybserv2 ":help" Command Denial of Service
  • Description: Hybserv2 is an IRC services application for use with IRCD Hybrid and other IRC servers. Hybserv2 is exposed to a denial of service issue because it fails to handle ":help" commands properly. Specifically, the application will crash when processing a help command containing only a tab character. This issue affects the "helpserv.c" source file. Hybserv2 version 1.9.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389

  • 10.6.32 - CVE: CVE-2010-0185
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Solr Service Information Disclosure
  • Description: Adobe ColdFusion is an application for developing websites. It is available for various operating systems. ColdFusion is exposed to an information disclosure issue because it fails to restrict access to sensitive information. Specifically, attackers may exploit this issue to access collections created by the "Solr Service". ColdFusion version 9.0 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-04.html

  • 10.6.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: bitfolge snif Remote File Disclosure
  • Description: snif (simple and nice index file) is a script for managing website download directories. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input passed to the "download" parameter of the "snif.php" script. An attacker can append "%00" to the name of a file supplied through the affected parameter to obtain its contents. snif version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38014

  • 10.6.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 "kuddb2" Remote Denial of Service
  • Description: IBM DB2 is a database application available for multiple platforms. DB2 is exposed to a remote denial of service issue that arises when the Tivoli Monitoring agent "kuddb2" handles specially crafted data over TCP port 6014. IBM DB2 version 9.7 is affected.
  • Ref: http://intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html

  • 10.6.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Times Ten In-Memory Database Remote Denial of Service
  • Description: Oracle Times Ten In-Memory Database provides real time data management. It is available for multiple platforms. Oracle Times Ten In-Memory Database is exposed to a remote denial of service issue. Specifically, this issue arises when the "timestend" process handles a specially crafted GET request over TCP port 17000. Oracle Times Ten In-Memory Database version 7.0.5 is affected.
  • Ref: http://intevydis.blogspot.com/2010/02/oracle-timesten-705-timestend-dos.html

  • 10.6.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: C++ Sockets Library HTTP Headers Remote Denial of Service
  • Description: C++ Sockets Library is a cross platform open source class library that implements a number of protocols, including TCP, UDP, ICMP, and HTTP/HTTPS. The library is exposed to a remote denial of service issue. The issue stems from an error when processing certain HTTP requests. Specifically, the library fails to properly handle HTTP requests with a large number of headers or overly long header lines. C++ Sockets Library versions prior to 2.3.9 are affected.
  • Ref: http://www.securityfocus.com/bid/38021

  • 10.6.37 - CVE: CVE-2010-0295
  • Platform: Cross Platform
  • Title: lighttpd Slow Request Handling Remote Denial of Service
  • Description: lighttpd is an open source web server application. The server is exposed to a denial of service issue when handling certain requests. Specifically, when processing slow network requests at a rate of one byte per second, the application can hang due to memory exhaustion. Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users.
  • Ref: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt

  • 10.6.38 - CVE: CVE-2008-7247
  • Platform: Cross Platform
  • Title: MySQL "sql/sql_table.cc" CREATE TABLE Security Bypass
  • Description: MySQL is an open source SQL database application available for multiple operating platforms. MySQL is exposed to a security bypass issue because it allows attackers to bypass certain checks when creating a table with certain "DATA DIRECTORY" and "INDEX DIRECTORY" options that are within the MySQL home data directory. This issue occurs when the data home directory contains a symbolic link to a different filesystem.
  • Ref: http://bugs.mysql.com/bug.php?id=39277

  • 10.6.39 - CVE: CVE-2010-0441
  • Platform: Cross Platform
  • Title: Asterisk T.38 "FaxMaxDatagram" Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. Asterisk is exposed to a remote denial of service issue because it fails to handle a specially crafted "FaxMaxDatagram" field in a fax message when performing a T.38 negotiation over SIP.
  • Ref: http://seclists.org/fulldisclosure/2010/Feb/20

  • 10.6.40 - CVE: CVE-2010-0443
  • Platform: Cross Platform
  • Title: HP OpenVMS RMS Patch Kit Privilege Escalation
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. It is maintained and distributed by HP. OpenVMS Record Management Services (RMS) is exposed to a privilege escalation issue that occurs in certain RMS patch kits for OpenVMS running on Alpha platforms. OpenVMS running on Alpha platforms with the following RMS patch kits is vulnerable: VMS83A_RMS-V1000 and VMS83A_UPDATE-V1100.
  • Ref: http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02001423&admit=109447627+1265221108698+28353475

  • 10.6.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix XenServer Authentication Bypass
  • Description: Citrix XenServer is a virtualization solution. The application is exposed to an authentication bypass issue. Specifically, an attacker can exploit this issue to execute a subset of Xen API (XAPI) calls without proper authentication. Successful exploits may lead to other attacks. Citrix XenServer versions 5.0 and 5.5 are affected.
  • Ref: http://support.citrix.com/article/CTX123456

  • 10.6.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HP System Management Homepage "servercert" Parameter Cross-Site Scripting
  • Description: HP System Management Homepage, also known as Systems Insight Manager, is a web-based application for managing individual ProLiant and Integrity servers. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "servercert" parameter.
  • Ref: http://www.securityfocus.com/archive/1/509195

  • 10.6.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP BusinessObjects URI Redirection and Cross-Site Scripting Vulnerabilities
  • Description: BusinessObjects is a suite of applications and tools used to connect people, information, and businesses across business networks. The software is exposed to multiple input validation issues. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
  • Ref: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-02

  • 10.6.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Discuz! "tid" Parameter Cross-Site Scripting
  • Description: Discuz! is web-based forum software implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "tid" parameter of the "viewthread.php" script. Discuz! version 6.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37982

  • 10.6.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CommonSpot Server "utilities/longproc.cfm" Cross-Site Scripting
  • Description: CommonSpot Server is a content server implemented in ColdFusion. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "utilities/longproc.cfm" script.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0601.html

  • 10.6.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XAMPP Multiple Cross-Site Scripting Vulnerabilities
  • Description: XAMPP is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "TEXT[global-showcode]" parameter of the "showcode.php" script and the "xamppsecurity.php" script. XAMPP versions 1.6.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/37997

  • 10.6.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Comtrend CT-507 IT ADSL Router "scvrtsrv.cmd" Cross-Site Scripting
  • Description: Comtrend CT-507 IT is an ADSL router device that includes an embedded web server and web-based administration interface. The device's web interface is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "srvName" parameter of the "scvrtsrv.cmd" script.
  • Ref: http://www.securityfocus.com/bid/38004

  • 10.6.48 - CVE: CVE-2010-0440
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco Secure Desktop "translation" Cross-Site Scripting
  • Description: Cisco Secure Desktop is an application that validates and protects the security of SSL VPN clients. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "translation" CGI application. Cisco Secure Desktop versions prior to 3.5 are affected.
  • Ref: http://tools.cisco.com/security/center/viewAlert.x?alertId=19843

  • 10.6.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebCalendar Multiple Cross-Site Scripting Vulnerabilities
  • Description: WebCalendar is a PHP-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "tab" parameter of the "users.php" script. The "day.php", "week.php" and "month.php" scripts are also affected. WebCalendar version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38053

  • 10.6.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NovaBoard "forums" Parameter SQL Injection
  • Description: NovaBoard is a messaging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forums" parameter of the "index.php" script before using it in an SQL query. NovaBoard version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37988

  • 10.6.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: jVideoDirect Component for Joomla! "v" Parameter SQL Injection
  • Description: jVideoDirect is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "v" parameter before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/37990

  • 10.6.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XAMPP Multiple SQL Injection Vulnerabilities
  • Description: XAMPP is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. XAMPP is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. XAMPP versions 1.6.8 and earlier are affected.
  • Ref: http://websecurity.com.ua/3257/

  • 10.6.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OCS Inventory NG Server "login" Parameter SQL Injection
  • Description: OCS Inventory NG is an application for managing computing assets. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "login" parameter of the "header.php" script before using it in an SQL query. OCS Inventory NG Server version 1.3b3 is affected.
  • Ref: http://www.securityfocus.com/bid/38005

  • 10.6.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_rsgallery2" Component "catid" Parameter SQL Injection
  • Description: The "com_rsgallery2" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38009

  • 10.6.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_simplefaq" Component "catid" Parameter SQL Injection
  • Description: The "com_simplefaq" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38015

  • 10.6.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_dms" Component "category_id" Parameter SQL Injection
  • Description: The "com_dms" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38017

  • 10.6.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Evernew Free Joke Script "id" Parameter SQL Injection
  • Description: Free Joke Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "viewjokes.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38020

  • 10.6.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_yelp" Component "cid" Parameter SQL Injection
  • Description: The "com_yelp" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38022

  • 10.6.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Documents Seller Component "category_id" Parameter SQL Injection
  • Description: Documents Seller is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of "com_dms" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38024/references

  • 10.6.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_job" Component "id_job" Parameter SQL Injection
  • Description: The "com_job" component is a PHP-based application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_job" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38031

  • 10.6.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! JE Quiz Component "eid" Parameter SQL Injection
  • Description: JE Quiz is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "eid" parameter of "com_jequizmanagement" before using it in an SQL query. JE Quiz version 1.b01 is affected.
  • Ref: http://www.securityfocus.com/bid/38032

  • 10.6.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_gambling" Component "gamblingEvent" Parameter SQL Injection
  • Description: The "com_gambling" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gamblingEvent" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/509292

  • 10.6.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! JEvents Search Plug-in "eventsearch.php" SQL Injection
  • Description: The JEvents search plugin is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data in the "plgSearchEventsearch::onSearch()" function of the "eventsearch.php" file before using it in an SQL query. JEvents search plug-in versions prior to 1.5.3b are affected.
  • Ref: http://www.jevents.net/forum/viewtopic.php?f=17&t=3910#p15526

  • 10.6.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Author Contact Module "block" HTML Injection
  • Description: Author Contact is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize parts of provided blocks. Author Contact versions 5.x-1.2 (and prior) and 6.x-1.2 (and prior) are affected.
  • Ref: http://drupal.org/node/697156

  • 10.6.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Feedback 2 Module User Agent String HTML Injection
  • Description: Feedback 2 is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, the module fails to sanitize User Agent data received via the "Browscap" module. This issue can be exploited when Feedback 2 is used in conjunction with the "Browscap" module. Feedback 2 versions prior to 5.x-2.1 and 6.x-2.1 are affected.
  • Ref: http://drupal.org/node/690856

  • 10.6.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_ccnewsletter" Component Directory Traversal
  • Description: The "com_ccnewsletter" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_ccnewsletter" component.
  • Ref: http://www.securityfocus.com/bid/37987

  • 10.6.67 - CVE: Not Available
  • Platform: Web Application
  • Title: XAMPP "showcode.php" Local File Include
  • Description: XAMPP is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "showcode.php" script. XAMPP versions 1.6.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/37999

  • 10.6.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Greetings Arbitrary File Upload
  • Description: Maian Greetings is a PHP-based ecard application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading files to the web server through the "index.php" script. Maian Greetings version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38008

  • 10.6.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre PJL Daemon Buffer Overflow
  • Description: Xerox WorkCentre is a web-capable printer and photocopier. Xerox WorkCentre is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability affects the PJL daemon when handling excessive amounts of data. Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application. Xerox WorkCentre version 4150 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509275

  • 10.6.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_jeeventcalendar" Component "event_id" Parameter SQL Injection
  • Description: The "com_jeeventcalendar" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "event_id" parameter before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38012

  • 10.6.71 - CVE: Not Available
  • Platform: Web Application
  • Title: MoinMoin Unspecified Security
  • Description: MoinMoin is a freely available, open source wiki written in Python. It is available for UNIX and Linux platforms. MoinMoin is exposed to an unspecified security issue. MoinMoin versions 1.5.0 through 1.9.1 are affected.
  • Ref: http://moinmo.in/SecurityFixes

  • 10.6.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal MP3 Player MP3 Filename HTML Injection
  • Description: MP3 Player is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize MP3 filenames. To exploit this issue, an attacker must be able to create nodes. MP3 Player version 6.x-1.0 is affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Feb/1

  • 10.6.73 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 T3Blog HTML Forms Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: T3Blog is a PHP-based blog component for TYPO3. The application is exposed to multiple cross-site scripting and SQL injection issues because it fails to sanitize user-supplied input to HTML forms. TYPO3 T3Blog versions 0.6.2 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/

  • 10.6.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! AutartiTarot Component Directory Traversal
  • Description: The AutartiTarot component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_autartitarot" component. Remote attackers may use a specially crafted request with directory traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application.
  • Ref: http://www.securityfocus.com/bid/38034

  • 10.6.75 - CVE: CVE-2010-0464
  • Platform: Web Application
  • Title: RoundCube Webmail DNS prefetching Domain Name Information Disclosure
  • Description: RoundCube Webmail is a web-based IMAP client implemented in PHP. RoundCube Webmail is exposed to an information disclosure issue because the browser used by the application performs DNS prefetching on domain names contained in email messages. An attacker can exploit this issue by sending an email containing embedded links.
  • Ref: http://trac.roundcube.net/ticket/1486449

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.