
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 9
February 25, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).


Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                   6 (#4, #6)
    Linux                                      5
    Cross Platform                            44 (#1, #2, #3, #5, #7, #8)
    Web Application - Cross Site Scripting    16
    Web Application - SQL Injection           21
    Web Application                           26
    Network Device                             9


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: NOS Microsystems getPlus Download Manager Input Validation Vulnerability
  • Affected:
    • NOS Microsystems getPlus Download Manager 1.5.2 .35
    • NOS Microsystems getPlus Download Manager 1.2.2 50
    • NOS Microsystems getPlus Download Manager 0
    • Adobe Download Manager on Windows (prior to February 23, 2010)
  • Description: NOS Microsystems getPlus Download and Installation Manager is distributed as an ActiveX control, which Adobe Systems Inc. also uses to install Adobe Reader. One of its features is to download and execute applications from preconfigured sites; in the case of Adobe, these are adobe.com and its subdomains. A vulnerability has been reported in getPlus Downloader caused by improper validation of the domain from which applications are downloaded and executed. The specific flaw is a logic error in which getPlus Downloader treats the requested domain as a subdomain. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • (4) HIGH: Symantec Products Client Proxy Buffer Overflow Vulnerability
  • Affected:
    • Symantec AntiVirus versions 10.x
    • Symantec Client Security versions 3.x
  • Description: Multiple Symantec products, including Symantec AntiVirus and Symantec Client Security, are affected by a buffer overflow vulnerability. A specially crafted web page, upon viewing, can be used to trigger this vulnerability. The issue is caused by a boundary error in the Symantec Client Proxy ActiveX control, CLIproxy.dll. The specific flaw lies in the "SetRemoteComputerName()" method, which fails to perform adequate bounds checking on supplied input. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism. Note that this could impact normal application functionality.

  • (5) MODERATE: Google Picasa Integer Overflow Vulnerability
  • Affected:
    • Google Picasa version 3.6 build 95.25 and prior
  • Description: Google Picasa, a free photo editing application, has an integer overflow vulnerability. A specially crafted JPEG file, when opened and zoomed in by a user, can be used to trigger this vulnerability. The specific flaw is an integer overflow error in "PicasaPhotoViewer.exe" when it processes malformed JPEG files. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • (6) MODERATE: Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability
  • Affected:
    • Norton 360 versions 1.0 and 2.0
    • Norton Internet Security versions 2006 through 2008
    • Norton AntiVirus versions 2006 through 2008
    • Norton SystemWorks versions 2006 through 2008
    • Norton Confidential versions 2006 through 2008
    • Symantec Client Security versions 3.0.x and 3.1.x
  • Description: Multiple Symantec products, including Norton 360, Norton Internet Security, Norton AntiVirus, Norton SystemWorks and Norton Confidential, are affected by a buffer overflow vulnerability. A specially crafted web page, upon viewing, can be used to trigger this vulnerability. The specific flaw is an input validation error in the SYMLTCOM.dll ActiveX control. Successful exploitation might lead to a stack-based buffer overflow and eventually to remote code execution. The impact of this threat is reduced since it is limited for use against specific domains. Full technical details for this vulnerability are not publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism. Note that this could impact normal application functionality.

  • (7) MODERATE: IBM Lotus Notes Buffer Overflow Vulnerability
  • Affected:
    • IBM Lotus Notes 8.5
    • IBM Lotus Notes 8.0
  • Description: IBM Lotus Notes is the client side of IBM's collaboration software and is used for email, instant messaging, calendars and web browsing. IBM Lotus Notes holds a significant share of the e-mail client market, with a large number of enterprise deployments. A buffer overflow vulnerability has been identified in Lotus Notes and is reported to be caused by an unspecified error. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for the vulnerability are not publicly available.

  • Status: Vendor confirmed, no updates available.

  • (8) MODERATE: EMC HomeBase Server Directory Traversal Vulnerability
  • Affected:
    • EMC HomeBase Server 0
  • Description: EMC HomeBase Server is used to provide server recoveries and migrations across different hardware. A directory traversal vulnerability is reported in EMC HomeBase Server. The specific flaw is an input validation error in the HomeBase SSL Service caused by its failure to sanitize certain parameters. Attackers can exploit this vulnerability to upload files to arbitrary locations using directory traversal attacks. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected service. Authentication is not required to exploit this vulnerability. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 9, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 8057 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.9.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: Hyleos ChemView is a free ActiveX control used to visualize chemical structures from MDL or MOL files. ChemView is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. These issues affect the "filename" parameter of the "SaveasMilFile()" and "ReadMolFile()" methods of HyleoCheView.ocx. Hyleos ChemView version 1.9.5.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.9.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Rising Online Virus Scanner ActiveX Control "Scan()" Method Stack Buffer Overflow
  • Description: Rising Online Virus Scanner is an ActiveX control that scans for malicious files. Rising Online Virus Scanner ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Rising Online Virus Scanner version 22.0.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.9.3 - CVE: CVE-2010-0107
  • Platform: Third Party Windows Apps
  • Title: Multiple Symantec Products "SYMLTCOM.dll" ActiveX Stack Buffer Overflow
  • Description: Multiple Symantec products are exposed to a buffer overflow issue because the applications utilize an ActiveX control that fails to adequately validate user-supplied input. Specifically, this issue affects the "SYMLTCOM.dll" ActiveX control. This issue affects the following products: Norton 360 1.0 and 2.0, Norton Internet Security 2006 through 2008, Norton AntiVirus 2006 through 2008, Norton SystemWorks 2006 through 2008, Norton Confidential 2006 through 2008 and Symantec Client Security 3.0.x and 3.1.x.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01

  • 10.9.4 - CVE: CVE-2010-0108
  • Platform: Third Party Windows Apps
  • Title: Symantec Client Proxy ActiveX Control Buffer Overflow
  • Description: The Symantec Client Proxy is an ActiveX control included with some Symantec products. The ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the control provided by the file "CLIproxy.dll". The following Symantec products are affected: Symantec AntiVirus 10.0.x and 10.1.x prior to 10.1 MR9, Symantec AntiVirus 10.2.x prior to 10.2 MR4, and Symantec Client Security 3.0.x and 3.1.x prior to 3.1 MR9.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02

  • 10.9.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Easy FTP Server "Path" Parameter Buffer Overflow
  • Description: Easy FTP Server is an FTP server for Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue affects the "path" parameter of the "list.html" script. Easy FTP Server version 1.7.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38321

  • 10.9.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chasys Media Player ".mid" File Processing Buffer Overflow
  • Description: Chasys Media Player is a media player that supports multiple file formats. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when the application parses malformed ".mid" files. Chasys Media Player version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38346

  • 10.9.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel GRE Protocol Initialization Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue affecting the GRE (Generic Routing Encapsulation) implementation. Specifically, if the GRE protocol receive hook is called immediately after protocol addition, the kernel may generate an oops. This issue affects the "ipgre_init()" and "ipgre_fini()" functions in the "net/ipv4/ip_gre.c" source file.
  • Ref: http://xorl.wordpress.com/2010/02/21/linux-kernel-tunnels-race-condition/

  • 10.9.8 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Tunnels Initialization Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue affecting the "tunnels" implementation. Specifically, if the affected receive hook is called immediately after protocol addition, the kernel may generate an oops.
  • Ref: http://patchwork.ozlabs.org/patch/45554/

  • 10.9.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "azx_position_ok()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by a divide-by-zero error. This issue affects the "azx_position_ok()" function in the "sound/pci/hda/hda_intel.c" source file. To be vulnerable, the kernel must be compiled with the "hda-intel" driver. Linux kernel versions prior to 2.6.33-rc8 are affected.
  • Ref: http://nctritech.net/bugreport.txt


  • 10.9.11 - CVE: CVE-2005-4886
  • Platform: Linux
  • Title: Linux Kernel "ipv6_skip_exthdr()" Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because the SELinux hooks call the "ipv6_skip_exthdr()" function with an incorrect "len" parameter. Linux kernel versions prior to 2.6.12 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2005-514.html

  • 10.9.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke Role Expiration Security Bypass
  • Description: DotNetNuke is a .NET-based content manager. DotNetNuke supports multiple portals within a web site. Users may have different permissions on different portals. DotNetNuke is exposed to a security bypass issue because it fails to properly expire credentials when users move between portals. DotNetNuke versions prior to 5.2.3 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno32/tabid/1507/Default.aspx

  • 10.9.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Notes Unspecified Remote Buffer Overflow
  • Description: IBM Lotus Notes is a tool for email, calendar, scheduling and collaboration tasks. Lotus Notes is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Successful exploits could allow attackers to execute arbitrary code in the context of the user running the application.
  • Ref: https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

  • 10.9.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DigiDNA FileApp Remote Denial of Service
  • Description: DigiDNA FileApp is a file browser available for the Apple iPhone and iPod touch. The application is exposed to a remote denial of service issue because it fails to handle crafted TCP packets. DigiDNA FileApp version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/38297

  • 10.9.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Unspecified Remote Code Execution
  • Description: Mozilla Firefox is a browser available for various platforms. Mozilla Firefox is exposed to a remote code execution issue. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or to obtain sensitive information.
  • Ref: http://intevydis.blogspot.com/2010/02/new-versions-of-dbjit-and-vulndisco.html

  • 10.9.16 - CVE: CVE-2010-0277, CVE-2010-0420, CVE-2010-0423
  • Platform: Cross Platform
  • Title: Pidgin Multiple Denial of Service Vulnerabilities
  • Description: Pidgin is a multi-platform instant messaging client that supports multiple messaging protocols. Libpurple is a library used to provide instant messaging functionality. The application is exposed to multiple denial of service issues. Pidgin versions 2.6.6 and earlier are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2010-0115.html

  • 10.9.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMV Protocol PIN Verification Bypass
  • Description: The EMV protocol, commonly known as "Chip and PIN", is a protocol that describes transactions between chip enabled smartcards, point-of-sale terminals, and financial institutions. EMV is in use by a wide range of banks and credit card companies. The EMV protocol is exposed to a security bypass issue because of a design flaw. This issue affects the "PIN verification" stage of the protocol, in which the PIN entered on the card reader terminal is verified against the smartcard.
  • Ref: http://www.cl.cam.ac.uk/research/security/banking/nopin/

  • 10.9.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Juniper Networks Juniper Installer Service Buffer Overflow
  • Description: Juniper Installer Service is an application that allows users to install Juniper IVE OS client components, such as Network Connect and Host Checker, without requiring administrative privileges. Juniper Installer Service is exposed to a buffer overflow issue because it fails to sufficiently validate user-supplied data. In particular, the issue is exposed when the application processes input to the "DSSETUPSERVICE_CMD_UNINSTALL" command.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=850

  • 10.9.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: httpdx "MKD" Command Directory Traversal
  • Description: httpdx is an HTTP and FTP server application for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings (..) passed to the "MKD" command. httpdx version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/38242

  • 10.9.20 - CVE: CVE-2010-0136
  • Platform: Cross Platform
  • Title: OpenOffice VBA Macro Restrictions Remote Security Bypass
  • Description: OpenOffice is a collection of office tools. It is available for multiple platforms. OpenOffice is exposed to a remote security bypass issue because it fails to properly enforce security restrictions on the behavior of VBA (Visual Basic for Applications) macro code.
  • Ref: http://www.debian.org/security/2010/dsa-1995

  • 10.9.21 - CVE: CVE-2010-0422
  • Platform: Cross Platform
  • Title: gnome-screensaver Monitor Topology Security Bypass
  • Description: The "gnome-screensaver" is included with the Gnome Window Manager. The screensaver's desktop locking feature is designed to prevent users without valid credentials from accessing the desktop. The screensaver is exposed to an issue that allows an attacker who has physical console access to bypass the user's locked screen. gnome-screensaver versions prior to 2.28.3 are affected.
  • Ref: http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news

  • 10.9.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel BIOS System Management Mode Local Privilege Escalation
  • Description: Intel BIOS is exposed to a local privilege escalation issue. Under certain circumstances, applications that run with Ring 0 privileges can change code running in System Management Mode (SMM). Modifying software that runs in SMM will allow attackers to compromise affected computers.
  • Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr

  • 10.9.23 - CVE: CVE-2010-0285
  • Platform: Cross Platform
  • Title: gnome-screensaver Monitor Addition Lock Bypass
  • Description: The "gnome-screensaver" is included with the Gnome Window Manager. The screensaver's desktop locking feature is designed to prevent users without valid credentials from accessing the desktop. The application is exposed to an issue that allows an attacker who has physical console access to bypass the user's locked screen. This issue occurs when a second monitor is added to a locked computer. gnome-screensaver versions prior to 2.28.3 are affected.
  • Ref: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca

  • 10.9.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Headlight Software FTP On The Go Remote Denial of Service
  • Description: FTP On The Go is an FTP client for the Apple iPhone and iPod touch. FTP On The Go is exposed to a remote denial of service issue that occurs when processing specially crafted HTTP packets. FTP On The Go version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38256

  • 10.9.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xenugo myDB "DELE" FTP Command Remote Denial of Service
  • Description: xenugo myDB is a database application with a built in FTP server. It is available for the Apple iPhone. The application is exposed to a remote denial of service issue because the application fails to handle specially crafted FTP commands. Specifically, this issue occurs when an overly large string is passed to the "DELE" FTP command.
  • Ref: http://www.securityfocus.com/bid/38259

  • 10.9.26 - CVE: CVE-2010-0283
  • Platform: Cross Platform
  • Title: MIT Kerberos KDC "handle_tgt_authdata()" Denial of Service
  • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote denial of service issue because of an input validation error. This issue affects the KDC (Key Distribution Center) service. MIT Kerberos 5 versions 1.7 and 1.7.1 are affected.
  • Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt

  • 10.9.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Easy FTP Server Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Easy FTP Server is an FTP server application. The application is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. The FTP commands "MKD" and "DELE" are vulnerable. To exploit any of these issues, an attacker must have authenticated access to the affected application. Easy FTP Server version 1.7.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38262

  • 10.9.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Pardus Sun Java Insecure Permissions Local Privilege Escalation
  • Description: The Sun Java package of Pardus is exposed to a local privilege escalation issue. Specifically, the issue occurs because "package.py", the post-install script of the Sun Java package, creates the "/opt/sun-jdk/jre/.systemPrefs" directory with default 0777 permissions. This may allow an attacker to replace arbitrary Sun Java binaries.
  • Ref: http://bugs.pardus.org.tr/show_bug.cgi?id=12209

  • 10.9.29 - CVE: CVE-2010-0146
  • Platform: Cross Platform
  • Title: Cisco Security Agent Management Center Directory Traversal
  • Description: Cisco Security Agent is a software agent used to protect server and desktop computers. Cisco Security Agent is exposed to a directory traversal issue because the application fails to sufficiently sanitize user-supplied input. The issue affects the Management console included in the affected application.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

  • 10.9.30 - CVE: CVE-2010-0148
  • Platform: Cross Platform
  • Title: Cisco Security Agent Unspecified Remote Denial of Service
  • Description: Cisco Security Agent is a software agent used to protect server and desktop computers. The application is exposed to a denial of service issue because it fails to handle an unspecified sequence of crafted TCP packets. Cisco Security Agent version 5.2 for Windows and Linux is affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

  • 10.9.31 - CVE: CVE-2010-0159
  • Platform: Cross Platform
  • Title: Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. The applications are exposed to multiple remote memory corruption issues that stem from unspecified errors.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-01.html

  • 10.9.32 - CVE: CVE-2009-1571
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution
  • Description: Mozilla Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. The applications are exposed to a remote code execution issue caused by a use-after-free condition in the HTML parser.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-03.html

  • 10.9.33 - CVE: CVE-2010-0160
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a remote memory corruption issue that exists in the implementation of Web Workers. Specifically, this issue occurs when handling an array data type while processing posted messages.
  • Ref: http://rhn.redhat.com/errata/RHSA-2010-0112.html


  • 10.9.35 - CVE: CVE-2010-0189
  • Platform: Cross Platform
  • Title: Adobe Download Manager Unspecified Arbitrary File Download
  • Description: Adobe Download Manager is used for downloading and installing various Adobe products, including Reader and Acrobat. Download Manager is exposed to an issue that can allow attackers to download and execute arbitrary files.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-08.html

  • 10.9.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Asterisk Dialplan "$" Variable String Injection
  • Description: Asterisk is an open source PBX application available for multiple operating platforms. Asterisk is exposed to a string injection issue that occurs because the application allows wildcard characters in the "$" channel variable in a dialplan. Attackers can exploit this issue to execute unintended calls. This may lead to further attacks.
  • Ref: http://downloads.asterisk.org/pub/security/AST-2010-002.html

  • 10.9.37 - CVE: CVE-2010-0412
  • Platform: Cross Platform
  • Title: SystemTap Unspecified Security
  • Description: SystemTap is a data collection utility for analyzing a running Linux kernel. SystemTap is exposed to an unspecified issue. SystemTap version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38316

  • 10.9.38 - CVE: CVE-2010-0547
  • Platform: Cross Platform
  • Title: Samba "client/mount.cifs.c" Remote Denial of Service
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba is exposed to a remote denial of service issue because it fails to validate the device name and mount point strings in the "client/mount.cifs.c" source file. Samba versions 3.4.5 and earlier are affected.
  • Ref: http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054

  • 10.9.39 - CVE: CVE-2009-2752
  • Platform: Cross Platform
  • Title: IBM WebSphere Commerce Local Information Disclosure
  • Description: IBM WebSphere Commerce is an ecommerce application. The application is exposed to a local information disclosure issue because it fails to properly encrypt data in the local database. The problem stems from an error in the encryption scheme. IBM WebSphere Commerce version 7.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21418445

  • 10.9.40 - CVE: CVE-2009-2751
  • Platform: Cross Platform
  • Title: IBM WebSphere Commerce Encryption Key Remote Security
  • Description: IBM WebSphere Commerce is an ecommerce application. The application is exposed to an unspecified security issue involving encryption keys. This issue occurs because the application uses the same cryptographic key for session attributes and merchant data encryption.
  • Ref: http://www.securityfocus.com/bid/38327

  • 10.9.41 - CVE: CVE-2009-2750
  • Platform: Cross Platform
  • Title: IBM WebSphere Service Registry and Repository Configuration Property Security Bypass
  • Description: IBM WebSphere Service Registry and Repository (WSRR) is a web-based service registry and repository. WSRR is exposed to a security bypass issue that stems from an error related to a configuration property. WSRR version V6.3.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24025456

  • 10.9.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Konversation Unicode IRC Message Remote Denial of Service
  • Description: Konversation is an IRC client application. The application is exposed to a denial of service issue that occurs while handling invalid Unicode characters in an IRC message when interacting with D-Bus. Konversation versions prior to 1.2.3 are affected.
  • Ref: http://bugs.kde.org/show_bug.cgi?id=219985

  • 10.9.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gretech GOM Player ".wav" File Remote Buffer Overflow
  • Description: Gretech GOM Player is a multimedia player application. GOM Player is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when the application parses malformed ".wav" files. GOM Player version 2.1.21.4846 is affected.
  • Ref: http://www.securityfocus.com/bid/38342

  • 10.9.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Total Video Player ".wav" File Remote Denial of Service
  • Description: Total Video Player is a media player. The application is exposed to a remote denial of service issue when handling specially crafted ".wav" files. Specifically, this issue arises when a file contains a large amount of string values. Total Video Player version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/38343

  • 10.9.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Total Video Player ".avi" File Remote Denial of Service
  • Description: Total Video Player is a media player. The application is exposed to a remote denial of service issue when handling specially crafted ".avi" files. Total Video Player version 1.31 is affected.
  • Ref: http://www.securityfocus.com/bid/38350

  • 10.9.46 - CVE: CVE-2010-0118
  • Platform: Cross Platform
  • Title: Bournal Insecure Temporary File Creation
  • Description: Bournal is a bash script for creating a password-protected journal. The application creates temporary files in an insecure manner. An attacker can exploit this when a legitimate user checks for updates via the "--hack_the_gibson" parameter. The attacker could potentially perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Bournal versions prior to 1.4.1 are affected.
  • Ref: http://secunia.com/secunia_research/2010-6/

  • 10.9.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Steppin' Stonez iFTPStorage Remote Denial of Service
  • Description: Steppin' Stonez iFTPStorage is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to a remote denial of service issue because it fails to handle crafted requests. Steppin' Stonez iFTPStorage version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38359

  • 10.9.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Portal Portlet Palette Search HTML Injection
  • Description: IBM WebSphere Portal is a web content management solution for enterprises. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input passed to the "title" field of the search function within the Portlet Palette. IBM WebSphere Portal version 6.0.1.5 Build Level wp6015_008_01 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829

  • 10.9.49 - CVE: CVE-2010-0426
  • Platform: Cross Platform
  • Title: Todd Miller Sudo "sudoedit" Local Privilege Escalation
  • Description: Todd Miller "sudo" is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue because it fails to correctly handle the "sudoedit" command. Specifically, users with permissions to run the "sudoedit" command can run arbitrary commands with superuser privileges by creating a "sudouser" application and placing it in the current working directory. "sudo" versions 1.6.9 up to and including 1.7.2p3 are affected.
  • Ref: http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/

  • 10.9.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avast! Antivirus "aavmKer4.sys" Driver IOCTL Handling Local Privilege Escalation
  • Description: Avast! Antivirus is an application that provides virus protection. Avast! Antivirus is exposed to a local privilege escalation issue because the "aavmKer4.sys" driver fails to properly handle input via the 0xb2d60030 IOCTL. Avast! Antivirus versions prior to 5.0.418 are affected.
  • Ref: http://forum.avast.com/index.php?topic=55484.0

  • 10.9.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SavySoda WiFiFTP "APPE" Command Remote Denial of Service
  • Description: SavySoda WiFiFTP is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to a remote denial of service issue because it fails to handle specially crafted "APPE" commands. SavySoda WiFiFTP version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/38365

  • 10.9.52 - CVE: CVE-2010-0682
  • Platform: Cross Platform
  • Title: WordPress Trashed Posts Information Disclosure
  • Description: WordPress is a web-based blogging application. The application is exposed to an information disclosure issue because it fails to properly restrict access of blog subscribers to other authors' trashed posts. An attacker can exploit this vulnerability to view other authors' trashed posts. WordPress versions prior to 2.9.2 are affected.
  • Ref: http://tmacuk.co.uk/?p=180

  • 10.9.53 - CVE: CVE-2010-0655
  • Platform: Cross Platform
  • Title: Mozilla Firefox Style Sheet Redirection Information Disclosure
  • Description: Mozilla Firefox is a web browser available for various platforms. Firefox is exposed to a remote information disclosure issue because the application allows attackers to discover a redirect target URL for a victim's session. An attacker can exploit this issue by placing a malicious site URI in the HREF attribute of a style sheet link element and then reading the "document.styleSheets[0].href" property value.
  • Ref: http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html

  • 10.9.54 - CVE: CVE-2010-0656
  • Platform: Cross Platform
  • Title: WebKit "file:///" Directory Listing Page Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue because the application presents a directory listing page when processing an XMLHttpRequest for a "file:///" URI that corresponds to a directory on the affected computer. WebKit versions prior to r51295 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

  • 10.9.55 - CVE: CVE-2010-0650
  • Platform: Cross Platform
  • Title: WebKit Popup Blocker Security Bypass
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a security bypass issue because certain crafted mouse clicks may bypass intended restrictions on popup windows. An attacker may leverage this issue to bypass intended security restrictions to open arbitrary popup windows, which may lead to further attacks.
  • Ref: http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

  • 10.9.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CMS Made Simple Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: CMS Made Simple is a web-based content manager. It is implemented in PHP. An attacker can exploit the local file include issue using directory traversal strings to view and execute local files within the context of the web server process. Information harvested may aid in further attacks. CMS Made Simple version 1.6.6 is affected.
  • Ref: http://www.securityfocus.com/bid/38234

  • 10.9.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Basic-CMS "nav_id" Parameter Cross-Site Scripting
  • Description: Basic-CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "nav_id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/38235

  • 10.9.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla MS Comment Component Security Bypass and Cross-Site Scripting Vulnerabilities
  • Description: MS Comment is a PHP-based component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. The component is also exposed to a security-bypass issue because it fails to reset the CAPTCHA after a submission. MS Comment version 0.8.0b is affected.
  • Ref: http://www.securityfocus.com/bid/38250

  • 10.9.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Portrait Software Portrait Campaign Manager Multiple Cross-Site Scripting Vulnerabilities
  • Description: Portrait Campaign Manager is a web-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Portrait Campaign Manager version 4.6.1.22 is affected.
  • Ref: http://www.securityfocus.com/bid/38252

  • 10.9.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EziScript Google Page Rank Cross-Site Scripting
  • Description: EziScript Google Page Rank is a PHP application for viewing your Google PageRank score. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to a cross-site scripting issue that affects the "url" parameter of the "pagerank.php" script. EziScript Google Page Rank version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38266

  • 10.9.61 - CVE: CVE-2010-0162
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox and SeaMonkey SVG Document Cross-Domain Scripting
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a cross-domain scripting issue because they fail to properly handle embedded SVG documents. Specifically, if an SVG document is referenced by an "embed" tag with the "type" attribute set to "image/svg+xml", the "Content-Type" header assigned by the server hosting the SVG document is ignored.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-05.html

  • 10.9.62 - CVE: CVE-2009-3988
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox and SeaMonkey "showModalDialog" method Cross-Domain Scripting
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. The application is exposed to a cross-domain scripting issue because it fails to properly enforce the same-origin policy. Specifically, properties set on an object passed to "showModalDialog" are readable even when the document was from a different domain. Firefox and SeaMonkey versions prior to Firefox 3.6, Firefox 3.5.8, Firefox 3.0.18, and SeaMonkey 2.0.3 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2010-0112.html

  • 10.9.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Portwise SSL VPN "reloadFrame" Parameter Cross-Site Scripting
  • Description: Portwise SSL VPN is a secure Virtual Private Network application that uses SSL connections to encapsulate network traffic. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "reloadFrame" parameter of the "index.php" script. Portwise SSL VPN version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/38308

  • 10.9.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Subex Nikira Fraud Management System GUI "message" Parameter Cross-Site Scripting
  • Description: Subex Nikira Fraud Management System is an application for detecting and mitigating fraud risks. The application has a web-based GUI. The web-based GUI is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "message" parameter of the login prompt.
  • Ref: http://www.securityfocus.com/bid/38311

  • 10.9.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OCS Inventory NG Multiple Cross-Site Scripting Vulnerabilities
  • Description: OCS Inventory NG is an application for managing computing assets. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "a", "c" and "multi" parameters of the "header.php" script, reachable through, for example, "index.php". OCS Inventory NG versions 1.02.3, 1.3.0 and 1.3.1 are affected.
  • Ref: http://www.securityfocus.com/bid/38315

  • 10.9.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LiteSpeed Web Server Cross-Site Scripting and Request Forgery Vulnerabilities
  • Description: LiteSpeed Web Server is a scalable web server that is interchangeable with Apache. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize the input to the Notes field of the Virtual Server configuration. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. LiteSpeed Web Server version 4.0.12 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829

  • 10.9.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Social Web CMS "index.php" Cross-Site Scripting
  • Description: Social Web CMS is a social news application written in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "category" parameter of the "index.php" script. Social Web CMS Beta version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/38329

  • 10.9.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin 4.0.2 Multiple Cross-Site Scripting Vulnerabilities
  • Description: vBulletin is a web-based forum application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. vBulletin version 4.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38339

  • 10.9.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VideoSearchScript "index.php" Cross-Site Scripting
  • Description: VideoSearchScript is a content indexing script written in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "q" parameter of the "index.php" script. VideoSearchScript Pro version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/38354

  • 10.9.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pulse CMS "view.php" Cross-Site Scripting
  • Description: Pulse CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "f" parameter of the "view.php" script. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Pulse CMS version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38356

  • 10.9.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WampServer "lang" Parameter Cross-Site Scripting
  • Description: WampServer is a PHP-based platform for web development. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "lang" parameter of the "index.php" script. WampServer version 2.0i is affected.
  • Ref: http://www.securityfocus.com/bid/38357

  • 10.9.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_recipe" Component Multiple SQL Injection Vulnerabilities
  • Description: The "com_recipe" component is a PHP-based application for the Joomla! content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "rec", "category", and "id" parameters of the "com_recipe" component before using them in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38336

  • 10.9.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Guest "index.php" SQL Injection
  • Description: WSN Guest is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "orderlinks" parameter of the "index.php" script. WSN Guest version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/38236

  • 10.9.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Copperleaf Photolog Plugin for WordPress "cplphoto.php" SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. The Copperleaf Photolog plugin provides a photo blog for WordPress. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "cplphoto.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38239

  • 10.9.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla "com_videos" Component "id" Parameter SQL Injection
  • Description: "com_videos" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38243

  • 10.9.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_flashmagazinedeluxe" Component "mag_id" Parameter SQL Injection
  • Description: "com_flashmagazinedeluxe" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mag_id" parameter of the "com_flashmagazinedeluxe" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38246

  • 10.9.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo "com_acnews" Component "id" Parameter SQL Injection
  • Description: "com_acnews" is a PHP-based component for the Mambo content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38247

  • 10.9.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pogodny CMS "id" Parameter SQL Injection
  • Description: Pogodny CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "id" parameter of the "index.php" script when the "modul" parameter is set to "niusy".
  • Ref: http://www.securityfocus.com/bid/38253

  • 10.9.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_acstartseite" Component SQL Injection
  • Description: The "com_acstartseite" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38269

  • 10.9.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_acteammember" Component SQL Injection
  • Description: The "com_acteammember" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38270

  • 10.9.81 - CVE: CVE-2010-0147
  • Platform: Web Application - SQL Injection
  • Title: Cisco Management Center for Cisco Security Agents SQL Injection
  • Description: Cisco Management Center for Cisco Security Agents is a web-based management interface for Cisco Security Agents. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Cisco Security Agent versions 5.1, 5.2 and 6.0 are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

  • 10.9.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Newgen Software OmniDocs "ForceChangePassword.jsp" SQL Injection
  • Description: Newgen Software OmniDocs is an application for managing documents. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ForceChangePassword.jsp" script.
  • Ref: http://www.securityfocus.com/bid/38304

  • 10.9.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XlentProjects SphereCMS "archive.php" SQL Injection
  • Description: SphereCMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "view" parameter of the "archive.php" script before using it in an SQL query. SphereCMS version 1.1 Alpha is affected.
  • Ref: http://www.securityfocus.com/bid/38309

  • 10.9.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Amelia CMS "index.php" SQL Injection
  • Description: Amelia CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/509617

  • 10.9.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPKIT "include.php" SQL Injection
  • Description: PHPKIT is a web portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "searchstr" parameter of the "include.php" script when the "path" parameter is set to "login/member.php". PHPKIT version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38324

  • 10.9.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Demo Auktionshaus "news.php" SQL Injection
  • Description: Demo Auktionshaus is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "news.php" script before using it in an SQL query. Demo Auktionshaus version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/38331

  • 10.9.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: superengine cms "index.php" SQL Injection
  • Description: The "superengine cms" application is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "mod" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38334

  • 10.9.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Friendly "Username" Field Login SQL Injection
  • Description: Article Friendly is a PHP-based application for publishing articles. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" field of the login page. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38341

  • 10.9.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSC CMS "Password" Field SQL Injection
  • Description: WSC CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the password field before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/38335

  • 10.9.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Jobs "news_desc.php" SQL Injection
  • Description: Softbiz Jobs is a PHP-based script for job recruitment. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news_desc.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38344

  • 10.9.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_sqlreport" Component SQL Injection
  • Description: The "com_sqlreport" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user_id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38361

  • 10.9.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Php Auktion Pro "news.php" SQL Injection
  • Description: Php Auktion Pro is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38371


  • 10.9.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_otzivi" Component "controller" Parameter Local File Include
  • Description: The "com_otzivi" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_otzivi".
  • Ref: http://www.securityfocus.com/bid/38295

  • 10.9.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Core Design Scriptegrator Component Local File Include
  • Description: The Core Design Scriptegrator application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "files" parameter of the "jsloader.php" script.
  • Ref: http://www.greatjoomla.com/extensions/plugins/core-design-scriptegrator-plugin.html

  • 10.9.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Izumi "src/page.php" Multiple Remote and Local File Include Vulnerabilities
  • Description: Izumi is a PHP-based content manager. Izumi is exposed to multiple input validation issues. An attacker may leverage these issues to execute arbitrary server side script code that resides on an affected computer or in a remote location with the privileges of the web server process. Izumi version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38223

  • 10.9.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomlaku Testimonialku Component for Joomla! Multiple HTML Injection Vulnerabilities
  • Description: Joomlaku Testimonialku is a PHP-based component for the Joomla! content manager. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to all available input parameters except "email" of the "administrator panel" before using the input in dynamically generated content. Joomlaku Testimonialku version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38230

  • 10.9.98 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "wp-admin/admin.php" Module Configuration Security Bypass
  • Description: WordPress is a web-based publishing application implemented in PHP. The application is exposed to a security bypass issue because it fails to properly restrict access to certain content. Specifically, any authenticated user can access items in the trash directory which may include things such as old posts. WordPress versions 2.9 and later are affected.
  • Ref: http://tmacuk.co.uk/?p=180

  • 10.9.99 - CVE: Not Available
  • Platform: Web Application
  • Title: ZeusCMS "page" Parameter Local File Include
  • Description: ZeusCMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter. ZeusCMS version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38237

  • 10.9.100 - CVE: Not Available
  • Platform: Web Application
  • Title: JoomlaWorks AllVideos Joomla! Component Directory Traversal
  • Description: The AllVideos component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "download.php" script.
  • Ref: http://www.securityfocus.com/bid/38238

  • 10.9.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_hdvideoshare" Component "secid" Parameter SQL Injection
  • Description: The "com_hdvideoshare" component is a video sharing application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_hdvideoshare" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38244

  • 10.9.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Realname User Reference Widget Module Information Disclosure
  • Description: Realname User Reference Widget is a module for the Drupal content manager. The module is exposed to an information disclosure issue because it fails to adequately restrict access to sensitive information. Specifically, attackers may access user names and real names. Realname User Reference Widget version 6.x-1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509542

  • 10.9.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Webamoeba Ticket System Component HTML Injection
  • Description: Webamoeba Ticket System is a component for the Joomla! content manager. The component is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the BBCode library used to parse BBCode tags. Specifically, the application fails to properly validate "[url]" tags. Webamoeba Ticket System version 3.0.0 is affected.
  • Ref: http://www.webamoeba.co.uk/site/index.php/wats-news

  • 10.9.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_rwcards" Component "controller" Parameter Local File Include
  • Description: The "com_rwcards" application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_rwcards".
  • Ref: http://www.securityfocus.com/bid/38267

  • 10.9.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Advanced Help Injection and Export Module HTML Injection
  • Description: Advanced Help Injection and Export is a PHP-based component for the Drupal content manager. The component is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/38284

  • 10.9.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal iTweak Upload Module HTML Injection
  • Description: iTweak Upload is a file uploader for the Drupal CMS. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, it fails to escape filenames when displaying uploaded files. iTweak Upload versions 6.x-1.x prior to 6.x-1.2 and versions 6.x-2.x prior to 6.x-2.3 are affected.
  • Ref: http://drupal.org/node/717214

  • 10.9.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Content Distribution Module Security Bypass Vulnerabilities
  • Description: Content Distribution is a module for the Drupal content manager. It is used for managing distribution of content from a single central site to many remote sites via web services. The module is exposed to multiple remote issues. Exploiting these issues may allow a remote attacker to bypass certain security restrictions and perform unauthorized actions.
  • Ref: http://drupal.org/node/717556

  • 10.9.108 - CVE: Not Available
  • Platform: Web Application
  • Title: OSClass Multiple Input Validation Vulnerabilities
  • Description: OSClass is a PHP-based web application. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OSClass version 1.1.0 Alpha is affected.
  • Ref: http://drupal.org/node/717556

  • 10.9.109 - CVE: Not Available
  • Platform: Web Application
  • Title: New-CMS Multiple Local File Include and HTML Injection Vulnerabilities
  • Description: New-CMS is a web-based content manager. The application is exposed to multiple issues. An attacker can exploit the local file include issue using directory traversal strings to view and execute a crafted "cmd.php" script within the context of the web server process. New-CMS version 1.08 is affected.
  • Ref: http://www.securityfocus.com/bid/38307


  • 10.9.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Infragistics NetAdvantage for Web Client Directory Traversal
  • Description: The Infragistics NetAdvantage for Web Client is a framework for building interfaces for ASP.NET/Web 2.0 applications. The software is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "InitialDirectory" parameter of the "WebHtmlEditor" component when the "iged_uploadid" parameter is set to "InsertImage" or "Open". NetAdvantage for Web Client 2009 Vol. 2 is affected.
  • Ref: http://www.securityfocus.com/bid/38333

  • 10.9.112 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBugTracker "filename" Parameter Remote File Disclosure
  • Description: phpBugTracker is a web-based bug tracker implemented in PHP. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input passed to the "filename" parameter of the "attachment.php" script. An attacker can obtain a file's contents by supplying the filename along with directory traversal sequences to the affected parameter. phpBugTracker version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38337

  • 10.9.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Kusaba X Report Function HTML Injection
  • Description: Kusaba X is a PHP-based image board application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input passed to the report function. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Kusaba X version 0.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509605

  • 10.9.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Galerie Dezign-Box Multiple Input Validation Vulnerabilities
  • Description: Galerie Dezign-Box is a PHP-based web application. The application is exposed to these issues. An attacker can exploit the file-upload issues to upload arbitrary code and execute it in the context of the web server process.
  • Ref: http://www.securityfocus.com/bid/38347

  • 10.9.115 - CVE: CVE-2010-0119
  • Platform: Web Application
  • Title: Bournal ccrypt Utility Local Information Disclosure
  • Description: Bournal is a bash script for editing encrypted journal entries. The script is exposed to a local information disclosure issue because it allows an attacker to pass information to the "ccrypt" utility through insecure parameters. Specifically, the script uses the insecure "-K" parameter to pass the "key" to the "ccrypt" utility. The "ccrypt" utility in Bournal version 1.4 is affected.
  • Ref: http://secunia.com/secunia_research/2010-7/

  • 10.9.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Ac4p Gallery Multiple Remote Vulnerabilities
  • Description: Ac4p Gallery is a PHP-based photo-gallery application. The application is exposed to multiple remote issues. An attacker can exploit these issues to gain unauthorized access to the affected application, execute arbitrary script code within the context of the browser, and steal cookie-based authentication credentials. Ac4p Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38358

  • 10.9.117 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Core Multiple Remote Security Vulnerabilities
  • Description: TYPO3 is a web-based content manager implemented in PHP. The application's core component is exposed to multiple remote issues. An attacker can exploit these issues to execute arbitrary script code, steal cookie-based authentication credentials, obtain sensitive information, or gain unauthorized access to the affected application. TYPO3 versions prior to 4.2.12 and 4.3.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/

  • 10.9.118 - CVE: Not Available
  • Platform: Web Application
  • Title: WorkSimple "uploader.php" Remote File Upload Vulnerability
  • Description: WorkSimple is a PHP-based blog. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "uploader.php" file. Attackers can exploit this issue to upload arbitrary code and run it in the context of the web server process.
  • Ref: http://www.securityfocus.com/bid/38370

  • 10.9.119 - CVE: Not Available
  • Platform: Network Device
  • Title: Huawei HG510 Multiple Cross-Site Request Forgery Vulnerabilities
  • Description: The Huawei HG510 is a router device for home use. The router is exposed to cross-site request forgery issues that affect the "password.cgi" and "rebootinfo.cgi" scripts and possibly other scripts. Attackers can exploit this issue by tricking a victim into visiting a malicious webpage. The page will consist of specially crafted script code designed to perform some action on the attacker's behalf.
  • Ref: http://www.securityfocus.com/bid/38261

  • 10.9.120 - CVE: CVE-2010-0149
  • Platform: Network Device
  • Title: Cisco ASA Appliance TCP Connection Exhaustion Denial of Service
  • Description: Cisco Adaptive Security Appliance (ASA) devices provide security services such as a firewall, intrusion prevention, and VPN. Cisco ASA security appliances are exposed to a remote denial of service issue when handling malformed TCP segments that are sent to certain TCP services. To exploit this issue, a TCP 3-way handshake must occur.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

  • 10.9.121 - CVE: CVE-2010-0568
  • Platform: Network Device
  • Title: Cisco ASA 5500 NTLM Protocol Authentication Bypass
  • Description: Cisco ASA 5500 are network security appliances. ASA 5500 series appliances are exposed to a remote authentication bypass issue. The problem occurs when authenticating against Microsoft Windows servers using the NTLM protocol. An attacker can bypass authentication by providing a specially crafted username during the authentication request.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml#@ID

  • 10.9.122 - CVE: CVE-2010-0567
  • Platform: Network Device
  • Title: Cisco ASA 5500 IKE Message Denial of Service
  • Description: Cisco Adaptive Security Appliance (ASA) devices provide security services such as a firewall, intrusion prevention, and VPN. Cisco ASA security appliances are exposed to a remote denial of service issue that occurs when processing a malformed IKE message on UDP port 4500 through an existing IPsec tunnel.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

  • 10.9.123 - CVE: CVE-2010-0151
  • Platform: Network Device
  • Title: Cisco Firewall Services Module SCCP Inspection Remote Denial of Service
  • Description: Cisco Firewall Services Module (FWSM) is an integrated firewall module for multiple Cisco devices. Cisco ASA 5500 Series Adaptive Security Appliances and FWSM for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers are exposed to an issue that may cause FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml

  • 10.9.124 - CVE: CVE-2010-0150
  • Platform: Network Device
  • Title: Cisco ASA 5500 Series SIP Traffic (CVE-2010-0150) Denial of Service
  • Description: Cisco ASA 5500 series security appliances are network security devices. The devices are exposed to a denial of service issue because they fail to properly process "SIP" messages. This issue occurs when "SIP" inspection is enabled. An attacker can exploit this issue to cause the vulnerable device to crash, denying service to legitimate users.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

  • 10.9.125 - CVE: CVE-2010-0566
  • Platform: Network Device
  • Title: Cisco ASA 5500 Crafted TCP Segment Denial of Service
  • Description: Cisco ASA 5500 Adaptive Security Appliances are network security devices. The devices are exposed to a denial of service issue because they fail to handle crafted TCP segments. An attacker can exploit this issue to cause an affected device to restart, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/38278

  • 10.9.126 - CVE: CVE-2010-0565
  • Platform: Network Device
  • Title: Cisco ASA 5500 WebVPN DTLS Packet Denial of Service
  • Description: Cisco Adaptive Security Appliance (ASA) devices provide security services such as a firewall, intrusion prevention, and VPN. Cisco ASA security appliances are exposed to a remote denial of service issue when handling malformed DTLS messages sent to UDP port 443. For an exploit to succeed, affected devices must be configured to use DTLS and WebVPN.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

  • 10.9.127 - CVE: CVE-2010-0569
  • Platform: Network Device
  • Title: Cisco ASA 5500 Series SIP Traffic (CVE-2010-0569) Denial of Service
  • Description: Cisco ASA 5500 series security appliances are network security devices. The devices are exposed to a denial of service issue because they fail to properly process "SIP" messages. This issue occurs when "SIP" inspection is enabled. An attacker can exploit this issue to cause a vulnerable device to crash, denying service to legitimate users.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.