@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 7
February 11, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                   9 (#4, #6, #9, #13)
Microsoft Office                          8 (#1, #5, #7)
Other Microsoft Products                  5 (#2, #3, #10)
Third Party Windows Apps                  8
Linux                                     7
BSD                                       1
Solaris                                   1
Novell                                    2
Cross Platform                           26 (#8, #11, #12)
Web Application - Cross Site Scripting    5
Web Application - SQL Injection          20
Web Application                          10

************************** Sponsored By Qualys **************************

How many security controls does it take to screw in a light bulb? Government agencies and industry experts recommend thousands of important controls to protect information, but which controls can make the biggest impact? How do audit groups know which controls make the biggest impact and should be the priorities of their assessments? A new initiative by leading US government and private sector groups was formed in 2009 to address these issues via the Top 20 Critical Controls. Join SANS instructor James Tarala and sponsor Qualys for an informative webcast on how to prioritize a security audit program using these automated controls.

https://www.sans.org/info/54698

**************************************************************************

TRAINING UPDATE

-- SANS Phoenix, February 14 - February 20, 2010. 6 courses and bonus evening presentations, including The Art of Incident Response and Advanced Forensic Techniques: Catching Hackers on the Wire

https://www.sans.org/phoenix-2010/index.php

-- SANS 2010, Orlando, March 6 - March 15, 2010. 38 courses and bonus evening presentations, including Software Security Street Fighting Style

https://www.sans.org/sans-2010/index.php

-- SANS Northern Virginia Bootcamp 2010, April 6-13. Bonus evening presentations include Safe Surfing: How to Surf the Net Without Getting PWND

https://www.sans.org/reston-2010/index.php

-- SANS Security West 2010, San Diego, May 7-15, 2010. 23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

https://www.sans.org/security-west-2010/index.php

-- SANSFIRE 2010, Baltimore, June 6-14, 2010. 38 courses

https://www.sans.org/sansfire-2010/index.php

Looking for training in your own community?

https://sans.org/community/index.php

Save on On-Demand training (30 full courses) - See samples at

https://www.sans.org/ondemand/index.php

Plus, Oslo and Dublin all in the next 30 days. For a list of all upcoming events, on-line and live:

http://www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Solaris
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

**************************** Sponsored Link: ****************************

1) Get real-world forensic techniques from industry-recognized experts at the 2010 European Community Digital Forensics & Incident Response Summit, April 19-20 in London. http://www.sans.org/info/54699

*************************************************************************

PART I Critical Vulnerabilities

Critical Vulnerabilities Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Windows ShellExecute API URL Validation Vulnerability (MS10-007)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: ShellExecute, part of the Windows Shell application programming interface (API), is used to perform an operation on a given file. A vulnerability has been identified in the ShellExecute API which can be exploited by attackers to execute binaries on the local client system. The specific flaw is caused by the ShellExecute API incorrectly validating the data streams sent to the ShellExecute function. Applications such as web browsers use the ShellExecute API, so an attacker can use a specially crafted web page to trigger this vulnerability and execute binaries of their choice. Some technical details for this vulnerability are available publicly.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft DirectShow Heap Overflow Vulnerability (MS10-013)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 for Itanium-based Systems
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1 and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: Microsoft DirectShow is an architecture for streaming media on the Microsoft Windows platform and is used for capture and playback of multimedia streams. A heap overflow vulnerability has been reported in Microsoft DirectShow which can be triggered by a specially crafted .AVI file. The specific flaw is caused by an error in the way a certain type of video stream contained in an .AVI file is decompressed. This might lead to a heap overflow, memory corruption and potentially remote code execution. Some technical details for the vulnerability are available publicly.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Microsoft SMB Client Multiple Vulnerabilities (MS10-006)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems*
    • Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems*
    • Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems
    • Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems*
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: Microsoft Server Message Block (SMB) is a network file sharing protocol used in Microsoft Windows, and multiple vulnerabilities have been identified in the SMB client. The first issue is caused by the Microsoft SMB client improperly handling a race condition that might occur during the handling of SMB Negotiate responses. Successful exploitation of this vulnerability might lead to remote code execution on Windows 7 and Windows Server 2008 R2, whereas on Windows Vista and Windows Server 2008 it might lead to elevation of privilege. The second issue is caused by the Microsoft SMB client implementation improperly validating some fields in SMB responses. Successful exploitation might lead to pool corruption and eventually to remote code execution. Full technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Microsoft Data Analyzer ActiveX Control Code Execution Vulnerability (MS10-008)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems**
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: The Microsoft Data Analyzer ActiveX Control can be used to allow programmatic control of Data Analyzer from COM-based development applications. A vulnerability has been identified in the Microsoft Data Analyzer ActiveX Control that may lead to corruption of the system state. A specially crafted web page, when accessed by Internet Explorer, can be used to trigger this vulnerability. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code in the context of the logged-on user. The vendor has released an update that effectively disables the ActiveX control by setting a kill bit for the Class Identifier (E0ECA9C3-D669-4EF4-8231-00724ED9288F). Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (6) CRITICAL: Microsoft Windows TCP/IP Implementation Multiple Vulnerabilities (MS10-009)
  • Affected:
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: Multiple vulnerabilities have been identified in Microsoft's TCP/IP stack, its implementation of the set of networking protocols used widely on the Internet. The first issue is a boundary error in the TCP/IP stack caused by the way it improperly processes specially crafted ICMPv6 Router Advertisement packets. The second issue is an error in the TCP/IP stack caused by the way it improperly handles specially crafted Encapsulating Security Payload (ESP) over UDP datagram fragments. The third issue is a boundary error in the TCP/IP stack caused by the way it improperly processes specially crafted ICMPv6 Route Information packets. The fourth issue is a denial of service vulnerability in the TCP/IP stack caused by improper handling of malformed TCP Selective Acknowledgement (SACK) values. Some technical details for some of the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) HIGH: Microsoft Office "MSO.DLL" Buffer Overflow Vulnerability (MS10-003)
  • Affected:
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Office, in particular Excel 9 (Office 2000) and Excel 10 (Office XP), has a buffer overflow vulnerability. A malformed Office file can be used to trigger this vulnerability. The specific flaw is a boundary error in "MSO.DLL" in the way it parses "OfficeArtSpgr" (recType 0xF003) containers, which may lead to class pointers being interpreted incorrectly. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. User interaction is needed to exploit this vulnerability since, in most configurations, users will be prompted before opening potentially malicious Office files. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) HIGH: Oracle Database Multiple Vulnerabilities
  • Affected:
    • Oracle Oracle11g Standard Edition 11.1 6
    • Oracle Oracle11g Standard Edition 11.1 .7
    • Oracle Oracle11g Standard Edition 11.2.0.1.0
    • Oracle Oracle11g Enterprise Edition 11.1 6
    • Oracle Oracle11g Enterprise Edition 11.1 7
    • Oracle Oracle11g Enterprise Edition 11.2.0.1.0
  • Description: Two vulnerabilities have been reported in Oracle Database, a relational database management system developed by Oracle Corporation. The first issue allows attackers to grant arbitrary Java permissions. The specific flaw is in the PL/SQL package DBMS_JVM_EXP_PERMS, which is used for importing and exporting Java permissions and is executable by PUBLIC, so an attacker can create their own policy table via the procedure IMPORT_JVM_PERMS within the package. The second issue can allow an attacker to carry out SQL injection attacks. The specific flaw is in two functions, SET_OUTPUT_TO_JAVA and SET_OUTPUT_TO_SQL, in the DBMS_JAVA package, since they take SQL statements as parameters. Successful exploitation might allow an attacker to gain DBA user privileges. Full technical details for the vulnerabilities are available publicly.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (9) MODERATE: Microsoft SMB Server Multiple Vulnerabilities (MS10-012)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems*
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: Microsoft Server Message Block (SMB) is a network file sharing protocol used in Microsoft Windows, and multiple vulnerabilities have been identified in it. The first issue is a buffer overflow vulnerability caused by the Microsoft SMB implementation inadequately validating malformed SMB requests that contain an overlong pathname. The second issue is a denial of service vulnerability caused by Microsoft SMB improperly handling a race condition that occurs while parsing specially crafted SMB packets during the Negotiate phase. The third issue is a denial of service vulnerability caused by improper verification of the share and server name fields in SMB packets. The fourth issue is a privilege escalation vulnerability caused by a lack of cryptographic entropy when the SMB server generates challenges during authentication. Technical details for some of the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) MODERATE: Microsoft Paint Integer Overflow Vulnerability (MS10-005)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: Microsoft Paint is a graphics painting program developed by Microsoft and included in all versions of Windows. An integer overflow vulnerability has been identified in Microsoft Paint, and a specially crafted JPEG image can be used to trigger this vulnerability. The specific flaw is an integer overflow error in the way Microsoft Paint decodes malformed JPEG images. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for the vulnerability are not available publicly.

  • Status: Vendor confirmed, updates available.

  • References:
  • (12) MODERATE: Novell NetStorage Code Execution Vulnerability
  • Affected:
    • Novell NetStorage
    • Novell NetWare 6.5 Support Pack 8
    • Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
    • Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
  • Description: Novell NetStorage acts as a bridge between the Internet and a company's protected Novell network. A remote code execution vulnerability has been identified in Novell NetStorage which is caused by an unspecified error. Authentication is not required to exploit this vulnerability. No technical details are provided for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (13) LOW: Microsoft Windows Kerberos Denial of Service Vulnerability (MS10-014)
  • Affected:
    • Microsoft Windows 2000 Server Service Pack 4
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
  • Description: Kerberos, a network authentication protocol, has been reported to have a denial of service vulnerability in the Microsoft Windows implementation. The specific flaw is a NULL pointer dereference error caused by improper handling of Ticket-Granting-Ticket renewal requests that come from a client in a remote, non-Windows realm in a mixed-mode Kerberos implementation. A specially crafted renewal request can be used to trigger this vulnerability. Some technical details for this vulnerability are available publicly.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2010

-- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com), Week 07, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7982 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

______________________________________________________________________

  • 10.7.1 - CVE: CVE-2010-0233
  • Platform: Windows
  • Title: Microsoft Windows Double Free Memory Corruption Local Privilege Escalation
  • Description: Microsoft Windows is prone to a local privilege escalation vulnerability that occurs in the kernel. Specifically, the kernel fails to correctly reset a pointer when freeing memory, causing a double free condition.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx

  • 10.7.2 - CVE: CVE-2010-0020
  • Platform: Windows
  • Title: Microsoft Windows SMB Pathname Remote Buffer Overflow
  • Description: Server Message Block (SMB) is an application layer network protocol. It provides shared access to resources such as files, printers and ports on a network. Microsoft Windows is exposed to a remote code execution issue because the SMB implementation fails to perform boundary checks on user-supplied data. Specifically, the issue arises when the software handles a specially crafted "pathname" in an SMB request.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

  • 10.7.3 - CVE: CVE-2010-0022
  • Platform: Windows
  • Title: Microsoft Windows SMB Null Pointer Remote Denial of Service
  • Description: Server Message Block (SMB) is an application layer network protocol. It provides shared access to resources such as files, printers and ports on a network. Microsoft Windows is exposed to a remote denial of service issue when handling a NULL pointer. Specifically, the issue arises when the software handles a specially crafted SMB packet containing malformed "share" and "servername" fields.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

  • 10.7.4 - CVE: CVE-2010-0021
  • Platform: Windows
  • Title: Microsoft Windows SMB Memory Corruption Remote Denial of Service
  • Description: Server Message Block (SMB) is an application layer network protocol that provides shared access to resources such as files, printers, and ports on a network. Microsoft Windows is exposed to a remote denial of service issue when handling specially crafted SMB packets.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx

  • 10.7.5 - CVE: CVE-2010-0240
  • Platform: Windows
  • Title: Microsoft Windows Header MDL Fragmentation Remote Code Execution
  • Description: TCP/IP is the set of network protocols used for the Internet. The Microsoft Windows implementation of TCP/IP is exposed to a remote code execution issue because the TCP/IP stack fails to properly handle specially crafted Encapsulating Security Payload data. This issue affects computers with a custom network driver installed that splits the UDP header into multiple MDLs.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx

  • 10.7.6 - CVE: CVE-2010-0242
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP Selective Acknowledgement Remote Denial of Service
  • Description: TCP/IP is the set of network protocols used for the Internet. The Microsoft Windows implementation of TCP/IP is exposed to a remote denial of service issue because the TCP/IP stack fails to properly handle specially crafted TCP packets with a malformed selective acknowledgment value.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx

  • 10.7.7 - CVE: CVE-2010-0231
  • Platform: Windows
  • Title: Microsoft Windows SMB NTLM Authentication Unauthorized Access
  • Description: Server Message Block (SMB) is an application layer network protocol that provides shared access to resources such as files, printers and ports on a network. The NTLM authentication routines of SMB are exposed to an unauthorized access issue. Specifically, this issue arises because of a lack of entropy used in the NTLM challenge created by a server. Successful attacks may allow the attacker to gain access to network resources and carry out other attacks.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx
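The lack of challenge entropy described in 10.7.7 (and in Part I item 9, MS10-012) is observable from the outside: an SMB server that hands out the same 8-byte NTLM challenge to more than one session has exposed the defect, and a defender can test for that without any knowledge of the internals. The following is an added example, not code from this bulletin, from Microsoft or from Qualys. It assumes the server challenges have already been extracted from SMB session captures into (session id, hex string) pairs; the sample observations are constructed for illustration.

```python
# Added example, not code from the @RISK bulletin, Microsoft or Qualys.
# Defender-side check for the weak NTLM challenge entropy described in
# MS10-012 / CVE-2010-0231: given server challenges collected from many SMB
# sessions (e.g. parsed from packet captures), flag reuse and measure how
# far the observed distribution is from the ideal of all-distinct values.
# The sample observations below are constructed for illustration.

import math
from collections import Counter

# Constructed sample: (session id, 8-byte NTLM server challenge as hex).
# A healthy server should never hand out the same challenge twice.
SAMPLE_CHALLENGES = [
    ("s1", "1122334455667788"),
    ("s2", "a1b2c3d4e5f60718"),
    ("s3", "1122334455667788"),
    ("s4", "0f1e2d3c4b5a6978"),
    ("s5", "1122334455667788"),
    ("s6", "a1b2c3d4e5f60718"),
]


def parse_challenge(hex_str):
    """Decode an NTLM server challenge and enforce its fixed 8-byte length."""
    data = bytes.fromhex(hex_str)
    if len(data) != 8:
        raise ValueError("NTLM server challenge must be exactly 8 bytes")
    return data


def find_repeated_challenges(observations):
    """Map each reused challenge (lowercase hex) to the sessions that saw it."""
    sessions_by_challenge = {}
    for session, hex_str in observations:
        key = parse_challenge(hex_str).hex()
        sessions_by_challenge.setdefault(key, []).append(session)
    return {k: v for k, v in sessions_by_challenge.items() if len(v) > 1}


def empirical_entropy_bits(observations):
    """Shannon entropy of the observed challenge distribution, in bits.
    With N sessions and no reuse this equals log2(N); any reuse lowers it."""
    counts = Counter(parse_challenge(h).hex() for _, h in observations)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def assess(observations):
    """Summarise challenge reuse for one server; 'weak' is True on any reuse."""
    repeated = find_repeated_challenges(observations)
    n = len(observations)
    unique = len({parse_challenge(h).hex() for _, h in observations})
    return {
        "sessions": n,
        "unique": unique,
        "repeated": repeated,
        "entropy_bits": empirical_entropy_bits(observations),
        "ideal_entropy_bits": math.log2(n) if n else 0.0,
        "weak": bool(repeated),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_CHALLENGES)
    print(f"sessions={result['sessions']} unique={result['unique']} "
          f"entropy={result['entropy_bits']:.2f} bits "
          f"(ideal {result['ideal_entropy_bits']:.2f}) weak={result['weak']}")
    for challenge, sessions in result["repeated"].items():
        print(f"  challenge {challenge} reused in sessions {', '.join(sessions)}")
```

Run it over the challenges collected from a single server: with a sound 64-bit random challenge every session should yield a distinct value, so the empirical entropy equals log2(N) and nothing is reported. Any repeat within a realistic sample is reason to verify the MS10-012 patch status of that host, since a collision should not occur by chance.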

  • 10.7.8 - CVE: CVE-2010-0023
  • Platform: Windows
  • Title: Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation
  • Description: The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) is a Windows component used to manage user processes. CSRSS is exposed to a local privilege escalation issue. Specifically, it may fail to terminate some user processes when the user logs out. An attacker could exploit this issue by running a malicious process and then signing out. If a second user subsequently logs in, the attacker's process may execute arbitrary code with the privileges of the second user.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx

  • 10.7.9 - CVE: CVE-2010-0035
  • Platform: Windows
  • Title: Microsoft Windows Kerberos "Ticket-Granting-Ticket" Remote Denial of Service
  • Description: Microsoft Windows contains support for authentication using the Kerberos protocol, which is used to authenticate users in an Active Directory domain. Windows is exposed to a remote denial of service issue that occurs when handling crafted "Ticket-Granting-Ticket" renewal requests by a client on a remote server. The server must be a non-Windows realm in a mixed-mode Kerberos implementation.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx

  • 10.7.10 - CVE: CVE-2010-0252
  • Platform: Microsoft Office
  • Title: Microsoft Data Analyzer "max3activex.dll" ActiveX Control Remote Code Execution
  • Description: The Microsoft Data Analyzer is an ActiveX control for data analysis. The control is included in Microsoft Excel. Data Analyzer is exposed to a remote code execution issue that occurs when the control is instantiated in Internet Explorer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

  • 10.7.11 - CVE: CVE-2010-0243
  • Platform: Microsoft Office
  • Title: Microsoft Office "OfficeArtSpgr" Container Pointer Overwrite Remote Code Execution
  • Description: Microsoft Office is prone to a remote code execution vulnerability. The issue occurs in the "MSO.DLL" library file when affected applications parse a crafted Office file. Specifically, this issue is triggered when processing crafted "OfficeArtSpgr" containers. This can cause a class pointer to be interpreted incorrectly and in turn allow arbitrary code to run.
  • Ref: http://www.coresecurity.com/content/excel-buffer-overflow

  • 10.7.12 - CVE: CVE-2010-0029
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint File Path Handling Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint is exposed to a remote code execution issue because it fails to properly perform boundary checks on user-supplied data. A stack-based buffer overflow can be triggered when PowerPoint opens a specially crafted file containing malformed file path data.
  • Ref: http://www.securityfocus.com/archive/1/509466

  • 10.7.13 - CVE: CVE-2010-0030
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint "LinkedSlideAtom" Heap Overflow Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint is exposed to a remote code execution issue because it fails to properly perform boundary checks on user-supplied data. A heap-based buffer overflow error can be triggered when PowerPoint opens a specially crafted file containing malformed "LinkedSlideAtom" data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx

  • 10.7.14 - CVE: CVE-2010-0031
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint "OEPlaceholderAtom" Record Invalid Index Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint is exposed to a remote code execution vulnerability because it fails to properly perform boundary checks on user-supplied data. An invalid array indexing error can be triggered when PowerPoint opens a specially crafted file containing a malformed "OEPlaceholderAtom" record with "placementId" index data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx

  • 10.7.15 - CVE: CVE-2010-0032
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint "OEPlaceholderAtom" Record Corrupt Memory Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint is exposed to a remote code execution issue because it fails to properly validate user-supplied data. When PowerPoint opens a specially crafted file containing malformed "OEPlaceholderAtom" record data, a use-after-free error can occur and memory can become corrupted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx

  • 10.7.16 - CVE: CVE-2010-0033
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Viewer TextBytesAtom Record Stack Overflow Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint Viewer lets users view presentations created in PowerPoint 97 and later versions. PowerPoint Viewer is exposed to a remote code execution issue because it fails to properly perform boundary checks on user-supplied data. A stack-based buffer overflow can be triggered when PowerPoint Viewer opens a specially crafted file containing malformed "TextBytesAtom" record data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx

  • 10.7.17 - CVE: CVE-2010-0034
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Viewer TextCharsAtom Record Stack Overflow Remote Code Execution
  • Description: Microsoft PowerPoint is a presentation application. PowerPoint Viewer lets users view presentations created in PowerPoint 97 and later versions. PowerPoint Viewer is exposed to a remote code execution issue because it fails to properly perform boundary checks on user-supplied data. A stack-based buffer overflow can be triggered when PowerPoint Viewer opens a specially crafted file containing malformed "TextCharsAtom" record data.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-10-02

  • 10.7.18 - CVE: CVE-2010-0255
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Dynamic Object Tag Information Disclosure
  • Description: Microsoft Internet Explorer is a Web browser. Internet Explorer is exposed to an information disclosure issue because the browser allows attackers to gain access to content contained in the "index.dat" file through a dynamic object.
  • Ref: http://www.securityfocus.com/archive/1/509345

  • 10.7.19 - CVE: CVE-2010-0255
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer URLMON Sniffing Cross-Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a Web browser. The browser is exposed to a cross-domain information disclosure issue because it fails to properly enforce the same-origin policy. This issue occurs because the browser fails to prevent local content from being rendered as HTML.
  • Ref: http://www.securityfocus.com/archive/1/509345

  • 10.7.20 - CVE: CVE-2010-0028
  • Platform: Other Microsoft Products
  • Title: Microsoft Paint JPEG Image Processing Integer Overflow
  • Description: Microsoft Paint is a graphics application available for Microsoft Windows. Paint is exposed to a remote integer overflow issue that occurs when decoding JPEG image files. An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted JPEG file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx

  • 10.7.21 - CVE: CVE-2010-0250
  • Platform: Other Microsoft Products
  • Title: Microsoft DirectX DirectShow AVI File Parsing Remote Code Execution
  • Description: Microsoft DirectX is a multimedia API for Microsoft Windows. DirectShow is a component of DirectX used for streaming media. The DirectShow component is exposed to a remote code execution vulnerability. Specifically, a heap-based buffer overflow occurs when processing a specially crafted AVI file.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-015/

  • 10.7.22 - CVE: CVE-2010-0026
  • Platform: Other Microsoft Products
  • Title: Microsoft Hyper-V Local Denial of Service
  • Description: Microsoft Hyper-V is a hypervisor-based technology used to provide a virtualization platform. Microsoft Hyper-V is exposed to a local denial of service issue that occurs because the software fails to properly validate a specific sequence of machine instructions inside a guest virtual machine.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-010.mspx

  • 10.7.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL 9.5 "waol.exe" vCard (.vcf) File Heap Buffer Overflow
  • Description: AOL 9.5 is used by subscribers of AOL's network service. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the "waol.exe" binary handles malformed vCard (.vcf) files.
  • Ref: http://www.securityfocus.com/archive/1/509344

  • 10.7.24 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DigitalAmp ".mp3" File Buffer Overflow
  • Description: DigitalAmp is a multimedia player available for Microsoft Windows. DigitalAmp is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".mp3" file. DigitalAmp version 3.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21417839

  • 10.7.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FoxMediaTools FoxPlayer ".m3u" File Buffer Overflow
  • Description: FoxMediaTools FoxPlayer is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".m3u" file. FoxPlayer version 1.7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38127

  • 10.7.26 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: httpdx "USER" Command Remote Format String
  • Description: The "httpdx" program is an HTTP/FTP server for Microsoft Windows. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. Specifically, the issue occurs when the FTP server processes the "USER" command. httpdx version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38135

  • 10.7.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Google Desktop Gadget ActiveX Control Unspecified Security
  • Description: Google Desktop Gadgets are applications that allow users to customize their desktops. The Google Desktop Gadget ActiveX control is exposed to an unspecified security issue. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Google Desktop Gadget version 5.8 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

  • 10.7.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Facebook Photo Updater ActiveX Control Unspecified Security
  • Description: Facebook Photo Updater is an application that allows users to update their Facebook photos. Facebook Photo Updater ActiveX control is exposed to an unspecified security issue. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Facebook Photo Updater version 5.5.8 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

  • 10.7.29 - CVE: CVE-2009-3735
  • Platform: Third Party Windows Apps
  • Title: PandaActiveScan Installer ActiveX Control Unspecified Security
  • Description: PandaActiveScan Installer is an application that scans ActiveX controls before installing them. PandaActiveScan Installer ActiveX control is exposed to an unspecified security issue. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. PandaActiveScan Installer version 2.0 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

  • 10.7.30 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraISO 9.3.6.2750 CCD and IMG File Buffer Overflow
  • Description: UltraISO is an application for handling CD/DVD images. It is available for Microsoft Windows. UltraISO is exposed to a remote buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when the application handles crafted CCD or IMG files. UltraISO version 9.3.6.2750 is affected.
  • Ref: http://www.securityfocus.com/bid/38163

  • 10.7.31 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "drivers/connector/connector.c" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because of a design error. Specifically, local users may send unlimited "NETLINK_CONNECTOR" messages to the kernel, possibly consuming excessive amounts of memory. This issue affects the "drivers/connector/connector.c" source file.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2546

  • 10.7.32 - CVE: CVE-2010-0309
  • Platform: Linux
  • Title: Linux Kernel KVM "/dev/port" Device Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the "pit_ioport_read()" function in the "arch/x86/kvm/i8254.c" file and occurs when attempting to read from the "/dev/port" device in a KVM guest.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=560887

  • 10.7.33 - CVE: CVE-2010-0411
  • Platform: Linux
  • Title: SystemTap "__get_argv()" and "__get_compat_argv()" Local Memory Corruption Vulnerabilities
  • Description: SystemTap is a data collection utility for analyzing a running Linux kernel. SystemTap is exposed to multiple local memory corruption issues that stem from logical errors in the "__get_argv()" and "__get_compat_argv()" functions of the "tapset/aux_syscalls.stp" source file. SystemTap version 1.1 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=559719

  • 10.7.34 - CVE: CVE-2010-0415
  • Platform: Linux
  • Title: Linux Kernel "do_pages_move()" Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue because kernel memory may be read in user space via the "node" value in the "do_pages_move()" function of the "mm/migrate.c" source file. This issue occurs because node tests in "node_state()" and "node_isset()" functions fail to explicitly test node ranges. Linux kernel versions 2.6.18 and earlier are affected.
  • Ref: http://comments.gmane.org/gmane.comp.security.oss.general/2566

  • 10.7.35 - CVE: CVE-2010-0297, CVE-2010-0298, CVE-2010-0306, CVE-2010-0309
  • Platform: Linux
  • Title: Linux Kernel KVM Multiple Privilege Escalation and Denial of Service Vulnerabilities
  • Description: The Linux kernel is exposed to multiple security issues in the Kernel-based Virtual Machine (KVM): 1) A privilege escalation issue occurs in the x86 emulator implementation because it fails to check the current privilege level and the I/O privilege level. 2) A denial of service issue occurs in the Programmable Interval Timer emulation because it fails to validate the internal data structure "pit_state" when used in the "pit_ioport_read()" function. 3) A privilege escalation issue occurs in the USB pass-through handling code. Linux kernel versions prior to 2.6.32-rc4 are affected.
  • Ref: http://www.securityfocus.com/bid/38158

  • 10.7.36 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel ptrace Race Condition Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue because of a race condition. The issue occurs during a brief time window when a traced process is sent a SIGCONT by an antagonist, and the process needs to sleep to be traced. If "ptrace" is called during this time with PTRACE_SYSCALL, "ptrace" returns an error value of -ESRCH.
  • Ref: http://patchwork.kernel.org/patch/77861/

  • 10.7.37 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that stems from an invalid pointer dereference. Specifically, if a Priority Inheritance futex NULL pointer is reacquired, an invalid state on unlock can trigger a dereference error. This issue affects the "wake_futex_pi()" function in the "kernel/futex.c" source file. Linux kernel version 2.6.17 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=563091

  • 10.7.38 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD "azalia(4)" and "hdaudio(4)" Kernel Local Denial of Service Vulnerabilities
  • Description: The NetBSD kernel is prone to multiple local denial of service issues because it fails to properly verify user-supplied input. These issues affect the "azalia_query_devinfo()" function of the "azalia(4)" driver and the "hdaudio_afg_set_port()" function of the "hdaudio(4)" driver.
  • Ref: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc

  • 10.7.39 - CVE: Not Available
  • Platform: Solaris
  • Title: Oracle OpenSolaris Insecure Default Configuration kclient(1M) and CIFS Security
  • Description: OpenSolaris is exposed to a security issue caused by an insecure default configuration. This issue occurs when either the Kerberos client utility (kclient(1M)) or the CIFS configuration utility (smbadm(1M)) joins a Windows Active Directory domain. OpenSolaris versions snv_77 through snv_131 for smbadm(1M) and OpenSolaris snv_91 through snv_131 for kclient(1M) are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-275790-1

  • 10.7.40 - CVE: Not Available
  • Platform: Novell
  • Title: Novell NetStorage Unspecified Remote Code Execution
  • Description: Novell NetStorage is a network access server. Novell NetStorage is exposed to an unspecified remote code execution issue. An unauthenticated attacker can leverage this issue to execute arbitrary code within the context of the vulnerable application. Novell NetWare 6.5 Support Pack 8, Novell Open Enterprise Server 2 Linux Support Pack 1, and Novell Open Enterprise Server 2 Linux Support Pack 2 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7005282

  • 10.7.41 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory eMBox SOAP Request Denial of Service
  • Description: Novell eDirectory is a directory service that is used to centrally manage computer resources on a network. eMBox is a service that is installed on the server as part of eDirectory. eDirectory is exposed to a denial of service issue when eMBox handles specially crafted SOAP requests. eDirectory versions prior to 8.8 SP5 Patch 3 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=3426981

  • 10.7.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro URL Filtering Engine Buffer Overflow
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. The OfficeScan URL filtering engine (TMUFE) is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data when parsing URIs before copying the data into an insufficiently sized memory buffer. OfficeScan 8.0 Service Pack 1, OfficeScan 8.0 Service Pack 1 with Patch 1, OfficeScan 8.0 Service Pack 1 with Patch 2, OfficeScan 8.0 Service Pack 1 with Patch 3.1, and OfficeScan 8.0 Service Pack 1 with Patch 4 are affected.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt

  • 10.7.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Cognos Express Hardcoded Credentials Security Bypass
  • Description: IBM Cognos Express is a business intelligence and planning solution. The application is exposed to a security bypass issue that exists in the Tomcat Manager due to hardcoded credentials. IBM Cognos Express version 9.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21419179

  • 10.7.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gnome GMIME_UUENCODE_LEN() Macro Buffer Overflow
  • Description: Gnome GMime is a C/C++ library. The GMime library is exposed to a buffer overflow issue because the "GMIME_UUENCODE_LEN()" macro fails to perform adequate boundary checks on user-supplied data. The macro incorrectly calculates the maximum number of output bytes generated by a "uuencode" operation. Gnome GMime versions prior to 2.4.15 are affected.
  • Ref: http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.15.changes

  • 10.7.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Interspire Knowledge Manager 5.1.3 and Prior Multiple Remote Vulnerabilities
  • Description: Interspire Knowledge Manager is a knowledge management application. The application is exposed to multiple remote issues: a cross-site scripting issue affects the "sp" parameter of the "admin/de/colormenu.php" script, and an information disclosure issue affects the "admin/de/dialog/media_manager.php" script. Multiple SQL injection issues affect various unspecified scripts and parameters. Interspire Knowledge Manager versions 5.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38090

  • 10.7.46 - CVE: CVE-2010-0292, CVE-2010-0293, CVE-2010-0294
  • Platform: Cross Platform
  • Title: Chrony 1.23 and Prior Multiple Remote Denial of Service Vulnerabilities
  • Description: Chrony is an application used to synchronize date and time information. Chrony contains both a client (chronyc) and a server (chronyd). The Chrony server is exposed to multiple remote denial of service issues: the "chronyd" server replies to all "cmdmon" packets from unauthorized hosts, fails to limit memory used to maintain information about client hosts, and fails to limit the rate at which messages are logged. Chrony versions prior to 1.23.1 and 1.24 are affected.
  • Ref: http://chrony.tuxfamily.org/News.html

  • 10.7.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ipswitch IMail Server Multiple Local Privilege Escalation Vulnerabilities
  • Description: Ipswitch IMail Server is an email server that serves clients their mail via a web interface. The application is exposed to multiple local privilege escalation issues: by default, the application allows the "Internet Guest Account" to have "Full Control" over the "Ipswitch/IMail" registry key, and the IMail password is encrypted with a weak encryption scheme in the "IMail.dll" dynamic link library. IMail Server version 11.01 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0076.html

  • 10.7.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Samba Symlink Directory Traversal
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0100.html

  • 10.7.49 - CVE: CVE-2009-3995, CVE-2009-3996
  • Platform: Cross Platform
  • Title: libmikmod Multiple Buffer Overflow Vulnerabilities
  • Description: libmikmod is a sound library used for playing audio files. libmikmod is exposed to multiple security issues. Three vulnerabilities occur in the "load_it.c" file when parsing instrument definitions in Impulse Tracker files, and a vulnerability occurs in the "load_ult.c" file when parsing Ultratracker files. Specifically, the issue occurs when parsing a file with more than UF_MAXCHAN (64) channels. libmikmod version 3.1.12 is affected.
  • Ref: http://secunia.com/secunia_research/2009-55/

  • 10.7.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle 11gR2 Remote Command Execution
  • Description: Oracle Database is prone to a remote command execution vulnerability. The issue occurs because of improper privileges for the "DBMS_JAVA", "DBMS_JAVA_TEST" and "DBMS_JVM_EXP_PERMS" packages. Specifically, an attacker with access to these packages can leverage the "DBMS_JAVA.SET_OUTPUT_TO_JAVA" procedure to escalate their privileges to those of a fully privileged DBA user. Oracle Database 11gR2 is affected.
  • Ref: http://www.h-online.com/security/news/item/Vulnerability-in-Oracle-11gR2-allows-system-privileges-for-all-Update-923143.html

  • 10.7.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities
  • Description: UplusFtp is an FTP server application. UplusFtp is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. The following FTP commands are vulnerable: "APPE", "DELE", "LIST", "MKD", "NLST" and "CWD". UplusFtp version 1.7.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/38105

  • 10.7.52 - CVE: CVE-2010-0368, CVE-2010-0369
  • Platform: Cross Platform
  • Title: LANDesk Management Gateway Multiple Security Vulnerabilities
  • Description: LANDesk Management Gateway is an appliance for managing remote users and computers. LANDesk Management Gateway is exposed to multiple remote issues: 1) a cross-site request forgery issue that allows an attacker to perform unauthorized actions via the "delBackupName" POST parameter to the "gsb/datetime.php" script, and 2) a cross-site scripting issue that affects the same script and parameter.
  • Ref: http://www.securityfocus.com/archive/1/509377

  • 10.7.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "Requires SSL" Option Security Bypass
  • Description: IBM WebSphere Application Server (WAS) is a web application server available for various operating systems. WAS is exposed to a security bypass issue because it fails to properly detect the "Requires SSL" option for Single Sign-On (SSO). WAS versions 7.0 through 7.0.0.8 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21417839

  • 10.7.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CounterPath X-Lite ".wav" File Buffer Overflow
  • Description: X-Lite is a SIP softphone for Microsoft Windows and Mac OS X operating systems. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".wav" file. X-Lite version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38130

  • 10.7.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey Remote Denial of Service
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a remote denial of service issue. The issue affects Firefox version 3.6.7 and SeaMonkey version 2.0.1.
  • Ref: http://www.securityfocus.com/bid/38132

  • 10.7.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Remote Denial of Service
  • Description: Apple Safari is a web browser. Apple Safari is exposed to a remote denial of service issue. Successful exploits may allow an attacker to crash the affected browser, resulting in a denial of service condition. Safari version 4.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/38133

  • 10.7.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JDownloader "JDExternInterface.java" Remote Code Execution
  • Description: JDownloader is an open-source application for downloading files; it is implemented in Java. JDownloader is exposed to an issue that lets remote attackers execute arbitrary code. This issue occurs in the "JDExternInterface.java" source file. Specifically, the default context allows the application to execute code without proper security restrictions. JDownloader versions prior to 0.9.334 are affected.
  • Ref: http://www.securityfocus.com/bid/38143

  • 10.7.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GeFest Web Home Server Remote Directory Traversal
  • Description: Gefest Web Home Server is a web server implemented in Java. The application is exposed to a remote directory traversal issue because it fails to sufficiently sanitize user-supplied input. Attackers may read files that are outside of the web root directory. Gefest Web Home Server version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509426

  • 10.7.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mongoose Space String Remote File Disclosure
  • Description: Mongoose is an HTTP server. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input. Specifically, an attacker can obtain the source code of a file by providing a "%20%20%20" string at the end of the filename in an HTTP request. Mongoose version 2.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509433

  • 10.7.60 - CVE: CVE-2010-0414
  • Platform: Cross Platform
  • Title: gnome-screensaver Monitor Removal Lock Bypass
  • Description: The "gnome-screensaver" screensaver is included with the Gnome Window Manager. The screensaver's desktop locking feature is designed to prevent users without valid credentials from accessing the desktop. The screensaver is exposed to an issue that allows an attacker who has physical console access to bypass the user's locked screen. This issue occurs when the "unlock" dialog box is on a monitor that is removed. gnome-screensaver version 2.28 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=562217

  • 10.7.61 - CVE: CVE-2010-0444
  • Platform: Cross Platform
  • Title: HP Operations Agent Unauthorized Access
  • Description: HP Operations Manager is an application for managing IT infrastructure. It is available for a number of platforms. HP Operations Agent is exposed to an unauthorized access issue. Remote attackers can exploit this issue to completely compromise affected computers. HP Operations Agent versions 8.51, 8.52, 8.53, and 8.60 running on Solaris 10 are affected.
  • Ref: http://www.securityfocus.com/bid/38150

  • 10.7.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DECT Standard Cypher (DSC) Encryption Bypass
  • Description: Digital Enhanced Cordless Telecommunications (DECT) is a standard for cordless telephones that provides a way to encrypt transmissions between a wireless device and a base station. The DECT Standard Cypher (DSC) is an algorithm used by DECT to encrypt data. The DSC is exposed to a key recovery attack. Attackers can exploit this issue to overcome the DSC encryption algorithm and then read encrypted data sent from a wireless device to the base station.
  • Ref: http://www.dect.org/news.aspx?id=52

  • 10.7.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ModSecurity Security Bypass And Denial of Service Vulnerabilities
  • Description: ModSecurity is an Apache module that provides firewall protection for web applications. ModSecurity is exposed to a security bypass issue and a denial of service issue due to unspecified errors. An attacker can exploit these issues to bypass certain security detection mechanisms and cause denial of service conditions. ModSecurity versions prior to 2.5.12 are affected.
  • Ref: http://www.securityfocus.com/bid/38156

  • 10.7.64 - CVE: CVE-2010-0417
  • Platform: Cross Platform
  • Title: Helix Player RuleBook Structure Heap Buffer Overflow
  • Description: Helix Player is a media player available for Linux, BSD, and Solaris. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue is triggered when processing crafted "RuleBook" structures.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=561860

  • 10.7.65 - CVE: CVE-2010-0416
  • Platform: Cross Platform
  • Title: Helix Player Encoded URI Processing Buffer Overflow
  • Description: Helix Player is a media player available for Linux, BSD, and Solaris. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, the application assumes that "%" characters in URIs are always followed by exactly two additional characters.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=561856

  • 10.7.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow
  • Description: cURL is a utility for transferring files with URL syntax over a number of protocols. As a shared library, libcURL provides this functionality to applications. cURL/libcURL is exposed to a buffer overflow issue because the software fails to perform adequate boundary checks on user-supplied data. This issue occurs when downloading compressed files over HTTP and automatically decompressing the file with the "CURLOPT_ENCODING" option. cURL/libcURL versions prior to 7.20.0 are affected.
  • Ref: http://curl.haxx.se/docs/adv_20100209.html

  • 10.7.67 - CVE: CVE-2009-4274
  • Platform: Cross Platform
  • Title: Netpbm XPM File Remote Stack Buffer Overflow
  • Description: Netpbm is a set of utilities for manipulating images. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when handling a specially crafted content header contained in an XPM file. Netpbm versions prior to 10.47.07 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2582

  • 10.7.68 - CVE: CVE-2010-0363
  • Platform: Web Application - Cross Site Scripting
  • Title: Zeus Web Server Unspecified Cross-Site Scripting
  • Description: Zeus Web Server is an HTTP server. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs when SSL is enabled for the administration server. Zeus Web Server versions prior to 4.3r5 are affected.
  • Ref: http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES

  • 10.7.69 - CVE: CVE-2009-4185
  • Platform: Web Application - Cross Site Scripting
  • Title: HP System Management Homepage Unspecified Cross-Site Scripting
  • Description: HP System Management Homepage is a web-based application used to predict, diagnose, and respond to potential and actual system failures for a single server. The application is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. HP System Management Homepage versions prior to 6.0 on Windows and Linux platforms are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727

  • 10.7.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KnowGate hipergate Multiple Cross-Site Scripting Vulnerabilities
  • Description: KnowGate hipergate is a web-based CRM and groupware application suite. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "title" parameter in the following scripts: "common/errmsg.jsp" and "common/pwd_errmsg.jsp". KnowGate hipergate version 4.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/38094

  • 10.7.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Data 1 Systems UltraBB "view_post.php" Cross-Site Scripting
  • Description: Data 1 Systems UltraBB is a PHP-based forum application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "post_id" parameter of the "view_post.php" script. Data 1 Systems UltraBB version 1.17 is affected.
  • Ref: http://www.securityfocus.com/bid/38097

  • 10.7.72 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VideoDB "login.php" Cross-Site Scripting
  • Description: VideoDB is a database application for managing personal video collections. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "error" parameter of the "login.php" script. VideoDB version 3.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/38155

  • 10.7.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Red Cow RealAdmin "detail.php" SQL Injection
  • Description: Red Cow RealAdmin is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38059

  • 10.7.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Red Cow myBusinessAdmin "content.php" SQL Injection
  • Description: Red Cow myBusinessAdmin is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "content.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38068

  • 10.7.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Red Cow CityAdmin "links.php" SQL Injection
  • Description: Red Cow CityAdmin is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "links.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38072

  • 10.7.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Eicrasoft Car Rental Script Multiple SQL Injection Vulnerabilities
  • Description: Eicrasoft Car Rental Script is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "username" and "password" parameters of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38079

  • 10.7.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ManageEngine OpUtils "Login.do" SQL Injection
  • Description: ManageEngine OpUtils is a web-based application for managing networks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "login.do" script before using it in an SQL query. ManageEngine OpUtils version 5 is affected.
  • Ref: http://www.securityfocus.com/bid/38082

  • 10.7.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MYRE Classifieds "links.php" SQL Injection
  • Description: MYRE Classifieds is a web-based classifieds forum implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "links.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38105

  • 10.7.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: dlili "links_showcat.php" SQL Injection
  • Description: The "dlili" program is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "links_showcat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38118

  • 10.7.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASCET Interactive Huski Retail Multiple SQL Injection Vulnerabilities
  • Description: ASCET Interactive Huski Retail is a content manager. The application is exposed to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied input to the "categoryID" and "productID" parameters of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38129

  • 10.7.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OCS Inventory NG Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: OCS Inventory NG is an application for managing computing assets. The application is exposed to these input validation issues: 1) an SQL injection issue that affects the "c" parameter in the "index.php" script, and 2) multiple SQL injection issues and a cross-site scripting issue that affects an unspecified parameter in the "index.php" script. OCS Inventory NG version 1.02.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38131

  • 10.7.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenBB Multiple SQL Injection Vulnerabilities
  • Description: OpenBB is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "FID" parameter of the "board.php" and "read.php" scripts before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38134

  • 10.7.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_photoblog" Component "blog" Parameter SQL Injection
  • Description: The "com_photoblog" component is a photo gallery application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "blog" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38136

  • 10.7.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_productbook" Component "id" Parameter SQL Injection
  • Description: The "com_productbook" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38137

  • 10.7.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Baal Systems "adminlogin.php" Multiple SQL Injection Vulnerabilities
  • Description: Baal Systems Portal Software is a PHP-based portal application. The application is exposed to multiple SQL injection issues because it fails to adequately sanitize user-supplied input to the "Username" and "Password" fields of the "adminlogin.php" script before using them in an SQL query. Baal Systems Portal Software version 3.8 is affected.
  • Ref: http://www.securityfocus.com/bid/38139

  • 10.7.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Exponent CMS "id" Parameter SQL Injection
  • Description: Exponent CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "id" parameter of the "index.php" script when the "module" parameter is set to "articlemodule" and the "action" parameter is set to "view_article". Exponent CMS version 0.96.3 is affected.
  • Ref: http://www.securityfocus.com/bid/38142

  • 10.7.87 - CVE: CVE-2010-0438
  • Platform: Web Application - SQL Injection
  • Title: OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities
  • Description: OTRS (Open Ticket Request System) is a Perl-based application for managing support tickets. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries. OTRS versions 2.4.x, 2.3.x, 2.2.x, and 2.1.x are affected.
  • Ref: http://otrs.org/advisory/OSA-2010-01-en/

  • 10.7.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aflam Online "index.php" SQL Injection
  • Description: Aflam Online is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. Aflam Online version 1.0 is affected.
  • Ref: http://packetstormsecurity.org/1002-exploits/aflam-sql.txt

  • 10.7.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digital Arakan Infotech Mailing List System "admloginchk.asp" Multiple SQL Injection Vulnerabilities
  • Description: Digital Arakan Infotech Mailing List System is an ASP-based application for managing mailing lists. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "adm_login" and "adm_password" parameters of the "admloginchk.asp" script. Mailing List System version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38151

  • 10.7.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zen Time Tracking Multiple SQL Injection Vulnerabilities
  • Description: Zen Time Tracking is a web-based application for tracking time. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "username" and "Password" parameters of the "userlogin.php" and "managerlogin.php" scripts before using it in an SQL query. Zen Time Tracking version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38153

  • 10.7.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Testa OTMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Testa OTMS is a web application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "uname" and "pass" parameters of the "index.php" and "admin/index.php" scripts before using it in SQL queries. Testa OTMS version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/38153
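
The login-form entries in this section (10.7.76, 10.7.85, 10.7.89, 10.7.90 and 10.7.91) all share one root cause: the submitted username and password are spliced into the SQL text, so quote and comment characters in the form fields change the shape of the query. The following Python snippet is an added example, not code from any listed product. It uses an in-memory SQLite table with a constructed schema, user and payloads to show the vulnerable pattern next to the parameterized fix:

```python
"""Login-form SQL injection: the vulnerable query pattern next to its parameterized fix.

Added example; the schema, credentials and payloads below are constructed for
illustration and are not taken from any product listed in this bulletin.
"""
import sqlite3


def make_db():
    """Build an in-memory users table standing in for a real application's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern behind the login-form entries: form fields spliced into the SQL text.

    Returns the matched username, or None when the credentials do not match.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same query with bound parameters: the driver passes the values separately from
    the SQL text, so quotes and comment markers in the input cannot alter the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two classic bypass strings for a query of this shape (constructed):
#   admin'--      closes the username literal and comments out the password check
#   ' OR '1'='1   makes the WHERE clause true for every row
COMMENT_BYPASS = "admin'--"
TAUTOLOGY_BYPASS = "' OR '1'='1"


def compare(conn):
    """Run both payloads against both implementations and collect the outcomes."""
    return {
        "vulnerable/comment": login_vulnerable(conn, COMMENT_BYPASS, "wrong"),
        "vulnerable/tautology": login_vulnerable(conn, "nobody", TAUTOLOGY_BYPASS),
        "fixed/comment": login_fixed(conn, COMMENT_BYPASS, "wrong"),
        "fixed/tautology": login_fixed(conn, "nobody", TAUTOLOGY_BYPASS),
        "fixed/legitimate": login_fixed(conn, "admin", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for case, result in compare(make_db()).items():
        print("%-22s -> %s" % (case, "logged in as %r" % result if result else "rejected"))
```

Both payloads log the attacker in as the first user in the table (usually the administrator) against the vulnerable query and are rejected by the parameterized one. Escaping functions such as addslashes() are not an equivalent fix: they leave the query built from strings and break down with multibyte charsets and numeric columns, whereas bound parameters remove the problem regardless of input.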

  • 10.7.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin Adsense Component "viewpage.php" SQL Injection
  • Description: vBulletin is a forum application implemented in PHP, and Adsense is a third-party component for it. The Adsense component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "viewpage.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38167

  • 10.7.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Menu Breadcrumb Module HTML Injection
  • Description: Menu Breadcrumb is a PHP-based module for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Menu Breadcrumb versions prior to 6.x-1.3 are affected.
  • Ref: http://drupal.org/node/703652

  • 10.7.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal ODF Import Module Content Importing HTML Injection
  • Description: ODF Import is a PHP-based module for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly validate the content it imports. ODF Import versions 6.x-1.0 and earlier are affected.
  • Ref: http://drupal.org/node/703628

  • 10.7.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Signwriter Module Arbitrary Command Execution
  • Description: Signwriter is a module for the Drupal content manager. The module is exposed to an issue that lets attackers execute arbitrary PHP code because it passes user-supplied data to the "preg_replace()" PHP function in an unsafe manner. Signwriter versions prior to 5.x-1.6 and 6.x-2.0-beta2 are affected.
  • Ref: http://drupal.org/node/703882

  • 10.7.96 - CVE: CVE-2010-0394
  • Platform: Web Application
  • Title: Trac Git Plugin Remote Command Injection
  • Description: Trac Git Plugin adds Git version control to the Trac issue tracker. The application is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands within the context of the affected application.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567039

  • 10.7.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Interspire Knowledge Manager "admin/remote.php" PHP Code Injection
  • Description: Interspire Knowledge Manager is a PHP-based knowledge-management application. Knowledge Manager is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to sanitize the version number of the "admin/remote.php" script before including it in a PHP file. Knowledge Manager version 5.1.3 is affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Feb/57

  • 10.7.98 - CVE: Not Available
  • Platform: Web Application
  • Title: KnowGate hipergate Multiple Input Validation Vulnerabilities
  • Description: KnowGate hipergate is a Java-based content manager. Since it fails to sufficiently sanitize user-supplied input, the application is prone to the following issues: HTML injection issues can be triggered when adding a New Campaign; cross-site scripting vulnerabilities affect the following parameters: "hipergate/common/errmsg.jsp": "title", "desc", and "resume" parameters, and SQL injection vulnerabilities affect the "hipergate/admin/sql.htm" file. hipergate version 4.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/38091

  • 10.7.99 - CVE: Not Available
  • Platform: Web Application
  • Title: evalSMSI Multiple Input Validation Vulnerabilities
  • Description: evalSMSI is a PHP-based application for evaluating an information security management system (ISMS). The application is exposed to multiple issues: 1) an authentication bypass issue that occurs because the application fails to adequately restrict access to the "ajax.php" script, 2) an SQL injection issue that occurs because the application fails to sufficiently sanitize user-supplied input to the "query" parameter of the "ajax.php" script before using it in an SQL query, and 3) an HTML injection issue that occurs because the application fails to adequately sanitize user-supplied input. evalSMSI versions prior to 2.2.00 are affected.
  • Ref: http://www.securityfocus.com/archive/1/509370

  • 10.7.100 - CVE: Not Available
  • Platform: Web Application
  • Title: ASCET Interactive Huski CMS "i" Parameter Local File Include
  • Description: ASCET Interactive Huski CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "i" parameter of the "size.php" script.
  • Ref: http://www.securityfocus.com/archive/1/509383

  • 10.7.101 - CVE: Not Available
  • Platform: Web Application
  • Title: odlican.net CMS "upload.php" Arbitrary File Upload
  • Description: odlican.net CMS is a PHP-based content management system. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately validate the file extension of files uploaded through the "upload.php" script before storing them on the web server; an attacker can therefore place a server-side script in a web-accessible directory and execute it. odlican.net CMS version 1.51 is affected.
  • Ref: http://www.securityfocus.com/bid/38128
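
The two entries above (10.7.100 and 10.7.101) are both failures to constrain a user-controlled file name: one lets a request parameter pick the file that gets included, the other stores an upload under whatever extension the client chose. The Python snippet below is an added example, not code from either product; the allowed and refused extension lists, the base directory and the file names are assumptions chosen for illustration. It shows an extension allow-list that also refuses double extensions and NUL bytes, and a lexical path check that keeps an include name inside its directory:

```python
"""Validating user-controlled file names and include paths.

Added example covering an upload handler that checks the stored extension and an
include that confines a request-supplied name to one directory. Extension lists,
directories and file names are assumptions, not taken from any listed product.
"""
import posixpath
import re

# Extensions the hypothetical upload handler is willing to store (assumption).
ALLOWED_UPLOAD_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Extensions that common web-server configurations hand to an interpreter. A
# name such as "x.php.jpg" can still be executed as PHP under an AddHandler rule
# that matches on any extension in the name, so these are refused anywhere in it.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar",
                         "asp", "aspx", "jsp", "cgi", "pl", "sh", "htaccess"}


def safe_upload_name(client_name):
    """Return a normalized file name to store, or None when the name must be refused."""
    if not client_name or "\x00" in client_name:
        return None                      # NUL truncation trick ("shell.php\x00.jpg")
    # Keep only the last path component; the client controls the whole string.
    name = client_name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    name = re.sub(r"[^a-z0-9._-]", "_", name)   # collapse anything else to "_"
    if not name or name.startswith("."):
        return None                      # empty, or a dotfile such as ".htaccess"
    parts = name.split(".")
    if len(parts) < 2 or not all(parts):
        return None                      # no extension, or an empty segment ("a..jpg")
    if parts[-1] not in ALLOWED_UPLOAD_EXTENSIONS:
        return None                      # final extension not on the allow-list
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[:-1]):
        return None                      # double extension hiding an interpreter type
    return name


def resolve_include(base_dir, requested):
    """Confine a request-supplied include name to base_dir; return the path or None.

    The check is purely lexical (posixpath) so it runs offline. On a real server
    also pass the result through os.path.realpath and repeat the prefix check,
    so that a symlink inside base_dir cannot point outside it.
    """
    if "\x00" in requested:
        return None
    base = posixpath.normpath(base_dir)
    # posixpath.join discards base when `requested` is absolute, and normpath
    # collapses "../" segments, so the prefix test below sees the real target.
    candidate = posixpath.normpath(posixpath.join(base, requested))
    if candidate == base or not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for n in ["shell.php", "shell.php.jpg", "../../.htaccess", "Holiday Photo.PNG"]:
        print("%-20r -> %r" % (n, safe_upload_name(n)))
    for p in ["header.php", "../../../../etc/passwd", "/etc/passwd"]:
        print("%-26r -> %r" % (p, resolve_include("/var/www/app/tpl", p)))
```

The upload check deliberately allow-lists the final extension instead of deny-listing dangerous ones, because deny-lists miss server-specific handler names (phtml, phar, case variants); the separate refusal of interpreter extensions anywhere in the name is there for the double-extension case. Storing uploads outside the document root, or under a directory where script execution is switched off, is the complementary control when the web server configuration cannot be trusted.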

  • 10.7.102 - CVE: Not Available
  • Platform: Web Application
  • Title: osTicket Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: osTicket is a PHP-based application for customer support. The application is exposed to multiple input validation issues: 1) an SQL injection issue that affects the "input" parameter in the "ajax.php" script, and 2) multiple cross-site scripting issues that affect the "api" and "f" parameters in the "ajax.php" script. osTicket version 1.6 RC5 is affected.
  • Ref: http://osticket.com/forums/project.php?issueid=176

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.