*************************************************************************
	    @RISK: The Consensus Security Vulnerability Alert
February 19, 2009                                         Vol. 8. Week 08
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                       1(#3)
Third Party Windows Apps                       3 
Mac Os                                         7(#1)
Linux                                          3
BSD                                            1(#2)
Cross Platform                                14(#4)
Web Application - Cross Site Scripting         5
Web Application - SQL Injection               15
Web Application                               18
Network Device                                 1

**************  Sponsored By SANS COMPLIANCE WORKSHOP ******************

Many INFOSEC professionals know that "being compliant" does not
guarantee a secure infrastructure.  SANS invites you to attend this
archived webcast which has helped hundreds assess the future trends of
compliance and vulnerability management.  The "must-know" topics of
network vs. vulnerability scanning, compliance mandates (PCI DSS, ISO
27000/SOX, HIPAA), and the recent evolution of network assessment and
what is needed to help mitigate the latest threats are discussed.
Featuring David Hoelzer and sponsored by Qualys.

http://www.sans.org/info/38779
*************************************************************************
TRAINING UPDATE
- SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. Lots of evening sessions:
http://www.sans.org/

- Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software

(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update
2009-001) 
(2) HIGH: FreeBSD telnetd Remote Code Execution Vulnerability
(3) LOW: Microsoft XML Core Services XMLHttpRequest Information Disclosure 
(4) LOW: Symantec Veritas NetBackup "vnet" Remote Escalation of Privilege
vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
09.8.1 - Microsoft XML Core Services XMLHttpRequest "SetCookie2" Header
Information Disclosure
 -- Third Party Windows Apps
09.8.2 - Symantec Endpoint Protection "Smc.exe" Local Denial of Service
09.8.3 - RimArts Becky! Internet Mail Return Receipt Remote Buffer Overflow
09.8.4 - GeoVision LiveX ActiveX Control "SnapShotToFile()" Arbitrary File
Overwrite
 -- Mac Os
09.8.5 - Apple Mac OS X 2009-001 Multiple Security Vulnerabilities
09.8.6 - Apple Mac OS X SMB File System Remote Denial of Service
09.8.7 - Apple Mac OS X Xterm Local Privilege Escalation
09.8.8 - Apple Mac OS X SMB Component Unspecified Buffer Overflow
09.8.9 - Apple Mac OS X Pixlet Video Handling Remote Code Execution
09.8.10  - Apple Mac OS X Resource Manager Remote Code Execution
09.8.11  - Apple Mac OS X CoreText Unicode String Handling Heap Based Buffer
Overflow
 -- Linux
09.8.12  - Linux Kernel KProbe Memory Corruption
09.8.13  - SUSE blinux Buffer Overflow
09.8.14  - Ubuntu xorg-driver-fglrx "LD_LIBRARY_PATH" Remote Command Execution
 -- BSD
09.8.15  - FreeBSD "telnetd" Daemon Remote Code Execution
 -- Cross Platform
09.8.16  - Geovision Digital Video Surveillance System Directory Traversal
09.8.17  - W3C Amaya "CheckUniqueName()" Multiple Stack Based Buffer Overflow
Vulnerabilities
09.8.18  - GE Fanuc iFIX Insecure Authentication Multiple Unauthorized Access
Vulnerabilities
09.8.19  - pam-krb5 Local Privilege Escalation
09.8.20  - pam-krb5 "KRB5CCNAME" Environment Variable Local Privilege Escalation
09.8.21  - Net-SNMP "snmpUDPDomain.c" Remote Information Disclosure
09.8.22  - Sun Java System Directory Server Directory Proxy Server JDBC Backend
Denial of Service
09.8.23  - python-fedora Security Bypass
09.8.24  - TPTEST "pwd" Remote Stack Buffer Overflow
09.8.25  - UniversalIndentGUI "SettingsPaths.cpp" Insecure Temporary File
Creation
09.8.26  - Ruby "OCSP_basic_verify()" X.509 Certificate Verification
09.8.27  - Google Chrome XMLHttpRequest Cookie Information Disclosure
09.8.28  - University of Washington IMAP c-client Remote Format String
09.8.29  - Transmission Connection Timeout Remote Denial of Service
 -- Web Application - Cross Site Scripting
09.8.30  - Drupal Troll Module "Form API" Cross-Site Request Forgery
09.8.31  - FAST ESP Cross-Site Scripting
09.8.32  - Jojo CMS Multiple Cross-Site Scripting Vulnerabilities
09.8.33  - Samizdat Multiple Cross-Site Scripting Vulnerabilities
09.8.34  - Openfiler "redirect" Parameter Cross-Site Scripting
 -- Web Application - SQL Injection
09.8.35  - Bloggeruniverse "editcomments.php" SQL Injection
09.8.36  - Scripts Den Dating Website Script "searchmatch.php" SQL Injection
09.8.37  - InselPhoto "search.php" SQL Injection
09.8.38  - Calendarix Multiple SQL Injection Vulnerabilities
09.8.39  - MemHT Portal "deletenewpm" Parameter SQL Injection
09.8.40  - SAS Hotel Management System "myhotel_info.asp" SQL Injection
09.8.41  - Free Joke Script Multiple SQL Injection Vulnerabilities
09.8.42  - IdeaCart Local File Include and SQL Injection Vulnerabilities
09.8.43  - Vlinks "forum/page.php" SQL Injection
09.8.44  - BlogIt! Multiple SQL Injection Vulnerabilities
09.8.45  - CMS Faethon "info.php" SQL Injection
09.8.46  - BlogWrite "print.php" SQL Injection
09.8.47  - Grestul Multiple SQL Injection Vulnerabilities
09.8.48  - pHNews "header.php" SQL Injection
09.8.49  - S-CMS SQL Injection and Cookie Authentication Bypass Vulnerabilities
 -- Web Application
09.8.50  - Drupal Ajax Checklist Module Unspecified HTML Injection
09.8.51  - SkaDate "photo" Arbitrary File Upload
09.8.52  - Dacio's CMS Cross Site Scripting and Multiple SQL Injection
Vulnerabilities
09.8.53  - Graugon Gallery Multiple Security Vulnerabilities
09.8.54  - Drupal Advertisement Module Multiple HTML Injection Vulnerabilities
09.8.55  - Poppler Multiple Denial of Service Vulnerabilities
09.8.56  - RavenNuke Multiple Input Validation Vulnerabilities
09.8.57  - NovaBoard Multiple Remote Vulnerabilities
09.8.58  - InselPhoto Photo Description Field HTML Injection
09.8.59  - PowerMovieList Multiple SQL Injection and Cross Site Scripting
Vulnerabilities
09.8.60  - Baran CMS Multiple Input Validation Vulnerabilities
09.8.61  - EsFaq "questions.php" SQL Injection
09.8.62  - ea-gBook "inc_ordner" Parameter Remote File Include
09.8.63  - simplePMS PHP Code Injection and Local File Include Vulnerabilities
09.8.64  - ClipBucket "dwnld.php" Directory Traversal
09.8.65  - YACS "update_trailer.php" Remote File Include
09.8.66  - WikkaWiki "backlinks" Handler Information Disclosure
09.8.67  - WebKit XMLHttpRequest Cookie Information Disclosure
 -- Network Device
09.8.68  - Nokia N95 "setAttributeNode()" Denial of Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohan Kotian at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update
2009-001) 
Affected:
Apple Mac OS X versions 10.5.6 and prior
Apple Mac OS X versions 10.4.11 and prior

Description:  Apple Mac OS X contains multiple vulnerabilities in
several of its components. Improper handling of user and network
requests, and several file, document, and media formats, can cause
memory corruption and/or buffer overflow leading to arbitrary remote
code execution with the privileges of the vulnerable process. Other
logical flaws can lead to arbitrary information disclosure, denial of
service, file overwrites, null pointer dereference, and escalation of
privileges. Several of these vulnerabilities stem from flaws in included
third-party applications and components.

Status: Vendor confirmed, updates available. 

References:
Apple Security Advisory
http://support.apple.com/kb/HT3438
SecurityFocus BID
http://www.securityfocus.com/bid/33821
http://www.securityfocus.com/bid/33816
http://www.securityfocus.com/bid/33815
http://www.securityfocus.com/bid/33814
http://www.securityfocus.com/bid/33812
http://www.securityfocus.com/bid/33809
http://www.securityfocus.com/bid/33808
http://www.securityfocus.com/bid/33800

*************************************************************

(2) HIGH: FreeBSD telnetd Remote Code Execution Vulnerability
Affected:
FreeBSD 7.x

Description: FreeBSD telnet daemon, telnetd, has a remote code execution
vulnerability. Due to insufficient sanitization of user supplied inputs,
potentially harmful environment variables can be set. This is primarily
caused by recent changes in FreeBSD's environment handling
code. Successful exploitation of this vulnerability may allow an
attacker to execute arbitrary code with the privileges of the user
running the vulnerable telnet daemon service. Note that telnetd is
disabled by default. Some technical details are publicly available for
this vulnerability.

Status: Vendor confirmed, updates available.

References:
FreeBSD Security Advisory 
http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc
FreeBSD Home Page 
http://www.freebsd.org/
SecurityFocus BID
http://www.securityfocus.com/bid/33777

*************************************************************

(3) LOW: Microsoft XML Core Services XMLHttpRequest Information Disclosure 
Affected:
Microsoft XML Core Services 6.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 3.0

Description: Microsoft XML Core Services allows users who use JScript,
VBScript and Microsoft Visual Studio 2005 to build XML based
applications and is used in Microsoft Office, Internet Explorer 6 and
7, and other products. Microsoft XML Core Services is prone to
information disclosure due to improper handling of the HTTPOnly cookie
flag by XMLHttpRequest. Attackers can leverage this to obtain sensitive
information from cookies, which can be used for other attacks. Some
technical details are publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
XML Developer Center
http://msdn.microsoft.com/en-us/xml/default.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/33803

*************************************************************

(4) LOW: Symantec Veritas NetBackup "vnet" Remote Escalation of Privilege
vulnerability
Affected:
Symantec Veritas NetBackup Server / Enterprise Server 5.x
Symantec Veritas NetBackup Server / Enterprise Server 6.0 through 6.0 MP7
Symantec Veritas NetBackup Server / Enterprise Server 6.5 through 6.5.3

Description: Symantec Veritas NetBackup is a backup and recovery suite
that provides cross-platform backup functionality. Symantec Veritas
NetBackup has a remote escalation of privilege vulnerability due to
inadequate sanitization of server-supplied data during initial
communication setup. Remote authorized attackers who have access to
the target network could leverage this to execute arbitrary
code with elevated privileges. Some technical details are publicly
available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Symantec Security Advisory (SYM09-002) 
http://seer.entsupport.symantec.com/docs/317828.htm
Wikipedia Article on Veritas NetBackup
http://en.wikipedia.org/wiki/NetBackup
Product Home Page
http://www.symantec.com/business/netbackup
SecurityFocus BID
http://www.securityfocus.com/bid/33772

*************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 8, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

09.8.1 CVE: CVE-2009-0419
Platform: Other Microsoft Products
Title: Microsoft XML Core Services XMLHttpRequest "SetCookie2" Header
Information Disclosure
Description: Microsoft XML Core Services (MSXML) is a software
component that allows multiple programming languages to support
XML-based communication. MSXML is exposed to an information disclosure
issue because it fails to properly protect sensitive cookie data with
the "HTTPOnly" protection mechanism.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=380418
______________________________________________________________________

09.8.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Endpoint Protection "Smc.exe" Local Denial of Service
Description: Symantec Endpoint Protection is a desktop security
application that includes antivirus and firewall functionality.
Endpoint Protection is exposed to a local denial of service issue.
Specifically, this issue lies in the "Smc.exe" executable and occurs
because the software fails to handle malformed command-line
parameters. Endpoint Protection version 11.0.4000 is affected.
Ref: http://www.securityfocus.com/archive/1/500964
______________________________________________________________________

09.8.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: RimArts Becky! Internet Mail Return Receipt Remote Buffer
Overflow
Description: RimArts Becky! Internet Mail is an e-mail client for
Microsoft Windows. Becky! Internet Mail is exposed to a remote buffer
overflow issue because it fails to perform adequate bounds checks on
user-supplied input. Becky! Internet Mail versions prior to 2.50 are
affected.
Ref: http://jvn.jp/en/jp/JVN29641290/index.html
______________________________________________________________________

09.8.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: GeoVision LiveX ActiveX Control "SnapShotToFile()" Arbitrary
File Overwrite
Description: GeoVision LiveX is an ActiveX control for displaying
information in graphs on a web page. The application is exposed to an
issue that allows attackers to overwrite files with arbitrary,
attacker-supplied content. GeoVision LiveX ActiveX control versions
7000, 8120 and 8200 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.8.5 CVE: CVE-2009-0009, CVE-2009-0020, CVE-2009-0142,
CVE-2009-0011, CVE-2009-0012, CVE-2009-0013, CVE-2009-0014,
CVE-2009-0015, CVE-2009-0017, CVE-2009-0018, CVE-2009-0019,
CVE-2009-0137, CVE-2009-0138, CVE-2009-0139, CVE-2009-0140,
CVE-2009-0141
Platform: Mac Os
Title: Apple Mac OS X 2009-001 Multiple Security Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues
that have been addressed in Security Update 2009-001. The security
update addresses a total of 16 new vulnerabilities that affect the AFP
server, movie playing, Resource Manager, Certificate Assistant,
CoreText, "dscl", Folder Manager, FSEvents, csregprinter, Remote Apple
Event Viewer, Safari, SMB File System, and XTerm components of Mac OS
X.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.6 CVE: CVE-2009-0140
Platform: Mac Os
Title: Apple Mac OS X SMB File System Remote Denial of Service
Description: Apple Mac OS X SMB File System is prone to a remote
denial of service vulnerability when handling SMB file system names.
An attacker that can trick an unsuspecting victim into connecting to a
malicious SMB server can exploit this issue to cause the affected
computer to shut down.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.7 CVE: CVE-2009-0141
Platform: Mac Os
Title: Apple Mac OS X Xterm Local Privilege Escalation
Description: Apple Mac OS X is prone to a local privilege escalation
vulnerability. This issue affects the XTerm terminal application when
used in conjunction with Luit, which provides multilanguage support.
Specifically, this issue results from XTerm creating tty devices
without access restrictions. Mac OS X versions 10.4.11 and 10.5.6 are
affected.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.8 CVE: CVE-2009-0139
Platform: Mac Os
Title: Apple Mac OS X SMB Component Unspecified Buffer Overflow
Description: Apple Mac OS X is exposed to a buffer overflow issue that
occurs in the SMB component. Attackers can exploit this issue by
enticing an unsuspecting user to connect to a malicious SMB server. OS
X versions 10.5.6 and OS X Server 10.5.6 are affected.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.9 CVE: CVE-2009-0009
Platform: Mac Os
Title: Apple Mac OS X Pixlet Video Handling Remote Code Execution
Description: Apple Mac OS X is exposed to a code execution issue
because it fails to perform adequate boundary checks on user-supplied
data. Specifically, a memory corruption vulnerability occurs when
handling movies encoded with the Pixlet codec. Mac OS X versions
10.4.11 and 10.5.6 (both client and server) are affected.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.10 CVE: CVE-2009-0020
Platform: Mac Os
Title: Apple Mac OS X Resource Manager Remote Code Execution
Description: Apple Mac OS X is prone to a code execution issue.
Specifically, this vulnerability affects the Resource Manager's
handling of resource forks. This issue may be triggered by opening a
file with a maliciously constructed resource fork. Mac OS X versions
10.4.11 and 10.5.6 (both client and server) are affected.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.11 CVE: CVE-2009-0012
Platform: Mac Os
Title: Apple Mac OS X CoreText Unicode String Handling Heap Based
Buffer Overflow
Description: Apple Mac OS X is prone to a heap-based buffer overflow
vulnerability that affects the CoreText component. Attackers can
exploit this issue by enticing an unsuspecting user to handle
maliciously crafted Unicode strings, such as when viewing a
maliciously crafted web page. Apple Mac OS X versions 10.5.6 and OS X
Server 10.5.6 are vulnerable.
Ref: http://support.apple.com/kb/ht3438
______________________________________________________________________

09.8.12 CVE: Not Available
Platform: Linux
Title: Linux Kernel KProbe Memory Corruption
Description: KProbes are a mechanism used to monitor and debug Linux
kernel operations. KProbes are exposed to a memory corruption issue
because of a failure to handle certain fault conditions. This issue
affects the function "do_page_fault()" in the "arch/x86/mm/fault.c"
source code file. Linux kernel versions prior to 2.6.28.5 are
affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
______________________________________________________________________

09.8.13 CVE: CVE-2009-0310
Platform: Linux
Title: SUSE blinux Buffer Overflow
Description: The SUSE blinux (sbl) package is a screen reader for the
Linux console which supports braille displays. The sbl package is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. Specifically, this
issue occurs due to a failure to handle incoming data and
authentication strings.
Ref: http://www.securityfocus.com/bid/33794
______________________________________________________________________

09.8.14 CVE: Not Available
Platform: Linux
Title: Ubuntu xorg-driver-fglrx "LD_LIBRARY_PATH" Remote Command
Execution
Description: Ubuntu xorg-driver-fglrx (FireGL and Radeon for X) is a
driver for ATI video cards for the X11 window system. The package is
exposed to a remote command execution issue because it creates unsafe
environment variables. This problem occurs because the current working
directory is prepended to the "LD_LIBRARY_PATH" list by the script
"/etc/X11/Xsession.d/10fglrx". Ubuntu version 8.10 is affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/linux-restricted-modules-2.6.24/+bug/323327
______________________________________________________________________

09.8.15 CVE: Not Available
Platform: BSD
Title: FreeBSD "telnetd" Daemon Remote Code Execution
Description: FreeBSD is exposed to a remote code execution issue that
exists in the "telnetd" daemon. This issue occurs because the
application fails to sufficiently sanitize user-supplied "LD_*"
environment variables when executing "/bin/login". FreeBSD version
7.0-RELEASE is affected.
Ref: http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc
______________________________________________________________________

09.8.16 CVE: Not Available
Platform: Cross Platform
Title: Geovision Digital Video Surveillance System Directory Traversal
Description: Geovision Digital Video Surveillance System is a
surveillance camera application. Geovision Digital Video Surveillance
System is exposed to a directory traversal issue because the
application fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/500858
______________________________________________________________________

09.8.17 CVE: CVE-2008-6005
Platform: Cross Platform
Title: W3C Amaya "CheckUniqueName()" Multiple Stack Based Buffer
Overflow Vulnerabilities
Description: W3C Amaya is a freely available web browser and editor
that runs on multiple platforms. Amaya is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate checks on user-supplied input. Amaya versions prior to 11.1
are vulnerable.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15
______________________________________________________________________

09.8.18 CVE: CVE-2009-0216
Platform: Cross Platform
Title: GE Fanuc iFIX Insecure Authentication Multiple Unauthorized
Access Vulnerabilities
Description: GE Fanuc iFIX is an HMI/SCADA client/server application.
iFIX is exposed to multiple issues that could let attackers gain
unauthorized access because it handles authentication in an insecure
manner. GE Fanuc iFIX versions up to and including 5.0 are affected.
Ref: http://www.kb.cert.org/vuls/id/310355
______________________________________________________________________

09.8.19 CVE: CVE-2009-0360
Platform: Cross Platform
Title: pam-krb5 Local Privilege Escalation
Description: Pluggable authentication modules (PAM) provide a standard
interface to a variety of authentication mechanisms. The pam-krb5
library is used to provide a PAM interface to the Kerberos
authentication system. The library is exposed to a local
privilege escalation issue because of a failure to properly handle
setuid processes. This issue is reported to affect the pam-krb5 module
as shipped with Debian, Ubuntu and Gentoo Linux releases.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
______________________________________________________________________

09.8.20 CVE: CVE-2009-0361
Platform: Cross Platform
Title: pam-krb5 "KRB5CCNAME" Environment Variable Local Privilege
Escalation
Description: Pluggable authentication modules (PAM) provide a standard
interface to a variety of authentication mechanisms. Russ Allbery
maintains a pam-krb5 library which provides a PAM interface to
Kerberos authentication systems. The pam-krb5 library is exposed to a
local privilege escalation issue because of a failure to properly
handle setuid processes. pam-krb5 versions prior to 3.13 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
______________________________________________________________________

09.8.21 CVE: CVE-2008-6123
Platform: Cross Platform
Title: Net-SNMP "snmpUDPDomain.c" Remote Information Disclosure
Description: Net-SNMP is a set of tools and libraries used for
deploying the SNMP protocol. The application is exposed to a remote
information disclosure issue because it fails to properly parse
"hosts.allow" and "hosts.deny" TCP Wrappers rules. This issue stems
from mishandling source and destination IP addresses. Net-SNMP version
5.4.2.1 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=485211
______________________________________________________________________

09.8.22 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Directory Server Directory Proxy Server JDBC
Backend Denial of Service
Description: Sun Java System Directory Server is an LDAP (Lightweight
Directory Access Protocol) server distributed with multiple Sun
products. The Directory Proxy Server is a component of Sun Java System
Directory Server Enterprise Edition. The Directory Proxy Server is
exposed to a denial of service issue that occurs due to an unspecified
error.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-251086-1
______________________________________________________________________

09.8.23 CVE: Not Available
Platform: Cross Platform
Title: python-fedora Security Bypass
Description: python-fedora is a set of Python modules used for
building Fedora Services. One of the modules provides functionality
for authenticating and verifying user credentials against FAS2 (Fedora
Account System 2). python-fedora is affected by a security bypass
vulnerability because of an error in the
"fedora.client.AccountSystem().verify_password()" method. The issue
causes the method to return "True" for arbitrary username and password
combinations.
Ref: http://www.securityfocus.com/bid/33762
______________________________________________________________________

09.8.24 CVE: Not Available
Platform: Cross Platform
Title: TPTEST "pwd" Remote Stack Buffer Overflow
Description: TPTEST is network performance testing software available
for a number of platforms. The TPTEST server is exposed to a remote
stack-based buffer overflow issue. Specifically, this issue occurs due
to a failure to handle excessive data supplied by the client as the
"pwd" argument. TPTEST version 3.1.7 is affected.
Ref: http://www.securityfocus.com/bid/33785
______________________________________________________________________

09.8.25 CVE: Not Available
Platform: Cross Platform
Title: UniversalIndentGUI "SettingsPaths.cpp" Insecure Temporary File
Creation
Description: UniversalIndentGUI is a tool for creating indented, more
readable code. The application creates temporary files with a fixed
name in the "SettingsPaths::init()" function of the
"SettingsPaths.cpp" source file. UniversalIndentGUI versions prior to
1.0.2 are vulnerable.
Ref: http://universalindent.svn.sourceforge.net/viewvc/universalindent/trunk/src/SettingsPaths.cpp?r1=893&r2=901
______________________________________________________________________

09.8.26 CVE: Not Available
Platform: Cross Platform
Title: Ruby "OCSP_basic_verify()" X.509 Certificate Verification
Description: Ruby is an object oriented scripting language. Ruby is
exposed to an issue related to the handling of the Online Certificate
Status Protocol (OCSP), used to obtain the revocation status of X.509
certificates. This error occurs in the "ext/openssl/ossl_ocsp.c"
source code file. Ruby versions 1.8.7 and 1.9.1 are affected.
Ref: http://redmine.ruby-lang.org/issues/show/1091
______________________________________________________________________

09.8.27 CVE: CVE-2009-0411
Platform: Cross Platform
Title: Google Chrome XMLHttpRequest Cookie Information Disclosure
Description: Google Chrome is a web browser. Chrome is exposed to an
information disclosure issue because cookies marked "HTTPOnly" are
readable by JavaScript through the XMLHttpRequest API. An attacker can
exploit this to bypass the "HTTPOnly" flag security restrictions to
gain access to cookie data. Chrome versions prior to 1.0.154.46 are
affected.
Ref: http://www.securityfocus.com/bid/33773
______________________________________________________________________

09.8.28 CVE: Not Available
Platform: Cross Platform
Title: University of Washington IMAP c-client Remote Format String
Description: The University of Washington IMAP library is an
implementation of the IMAP mail protocol. c-client is exposed to a
remote format string issue because of incorrect usage of
"printf()"-type functions, allowing format specifiers to be supplied
directly to vulnerable functions from external data. IMAP version
2007d is affected.
Ref: http://www.securityfocus.com/bid/33795
______________________________________________________________________

09.8.29 CVE: Not Available
Platform: Cross Platform
Title: Transmission Connection Timeout Remote Denial of Service
Description: Transmission is a multi-platform BitTorrent client. The
application is exposed to a remote denial of service issue.
Specifically, the application fails to enforce a timeout on incoming
connections. Transmission version 1.41 is affected.
Ref: http://trac.transmissionbt.com/ticket/1810
______________________________________________________________________

09.8.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Troll Module "Form API" Cross-Site Request Forgery
Description: The Drupal Troll module is a troll management tool for
community sites. The application is exposed to a cross-site request
forgery issue because it fails to properly implement the Drupal Form
API.
Ref: http://drupal.org/node/372903
______________________________________________________________________

09.8.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FAST ESP Cross-Site Scripting
Description: FAST ESP is an enterprise search platform. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to an unspecified
parameter of the management interface. FAST ESP version 5.1.5 is
affected.
Ref: http://www.securityfocus.com/bid/33750
______________________________________________________________________

09.8.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jojo CMS Multiple Cross-Site Scripting Vulnerabilities
Description: Jojo CMS is a PHP-based content manager. The application
is exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input. Specifically, these issues
affect the "Mail Address" or "Username" textboxes of the
"forgot-password" page. Jojo CMS version 1.0 RC1 is affected.
Ref: http://www.securityfocus.com/bid/33757
______________________________________________________________________

09.8.33 CVE: CVE-2009-0359
Platform: Web Application - Cross Site Scripting
Title: Samizdat Multiple Cross-Site Scripting Vulnerabilities
Description: Samizdat is a framework for building collaboration and
open publishing websites. The application is exposed to multiple
cross-site scripting issues because it fails to properly sanitize
user-supplied input. Samizdat versions prior to 0.6.2 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/500961
______________________________________________________________________

09.8.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfiler "redirect" Parameter Cross-Site Scripting
Description: Openfiler is open-source storage software. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. This issue affects
the "redirect" parameter of the "index.html" script. Openfiler version
2.3 is affected.
Ref: http://www.securityfocus.com/bid/33778
______________________________________________________________________

09.8.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bloggeruniverse "editcomments.php" SQL Injection
Description: Bloggeruniverse is a web-based blogging application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"editcomments.php" script before using the data in an SQL query.
Bloggeruniverse beta version 2 is affected.
Ref: http://www.securityfocus.com/bid/33744
______________________________________________________________________

09.8.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts Den Dating Website Script "searchmatch.php" SQL
Injection
Description: Dating Website Script is an online dating script
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "txtlookgender" parameter of the "searchmatch.php" script before
using the data in an SQL query. Dating Website Script version 9.01 is
affected.
Ref: http://www.securityfocus.com/bid/33746
______________________________________________________________________

09.8.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: InselPhoto "search.php" SQL Injection
Description: InselPhoto is a web-based application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "query" parameter
of the "search.php" script before using the data in an SQL query.
InselPhoto version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33748
______________________________________________________________________

09.8.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Calendarix Multiple SQL Injection Vulnerabilities
Description: Calendarix is a web-based calendar implemented in PHP. 
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "login"
parameter in the "cal_login.php" and "admin/cal_login.php" scripts.
Calendarix Advanced version 1.8.20081228 and Calendarix Basic version
0.8.20080808 are affected.
Ref: https://bugs.edge.launchpad.net/poppler/+bug/320181
______________________________________________________________________

09.8.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MemHT Portal "deletenewpm" Parameter SQL Injection
Description: MemHT Portal is a PHP-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "deletenewpm"
parameter of the "pages/putmsg/index.php" script before using it in an
SQL query. MemHT Portal version 4.0.1 is affected.
Ref: http://www.securityfocus.com/bid/33789
______________________________________________________________________

09.8.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SAS Hotel Management System "myhotel_info.asp" SQL Injection
Description: SAS Hotel Management System is an ASP-based application
for handling hotel reservations. The application is prone to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "myhotel_info.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33790
______________________________________________________________________

09.8.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Free Joke Script Multiple SQL Injection Vulnerabilities
Description: Free Joke Script is a web-based application implemented
in PHP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"cat_id" parameter of the "joke-archives.php" script and the login
field of the login section. Free Joke Script version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33760
______________________________________________________________________

09.8.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IdeaCart Local File Include and SQL Injection Vulnerabilities
Description: IdeaCart is a PHP-based ecommerce application. The
application is exposed to multiple input validation issues. An
attacker can exploit the local file include vulnerability using
directory traversal strings to view or execute local files within the
context of the web server process. IdeaCart version 0.02 is affected.
Ref: http://www.securityfocus.com/bid/33765
______________________________________________________________________

09.8.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vlinks "forum/page.php" SQL Injection
Description: Vlinks is a PHP-based link directory application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"forum/page.php" script. Vlinks version 1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/33766
______________________________________________________________________

09.8.44 CVE: CVE-2009-0337
Platform: Web Application - SQL Injection
Title: BlogIt! Multiple SQL Injection Vulnerabilities
Description: BlogIt! is a web-log application implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "month" and
"year" parameters of the "index.asp" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33771
______________________________________________________________________

09.8.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Faethon "info.php" SQL Injection
Description: CMS Faethon is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "item" parameter of
the "info.php" script before using the data in an SQL query. CMS
Faethon version 2.2.0 is affected.
Ref: http://www.securityfocus.com/bid/33775
______________________________________________________________________

09.8.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlogWrite "print.php" SQL Injection
Description: BlogWrite is a web-based application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "print.php" script before using it in an SQL query. BlogWrite
version 0.91 is affected.
Ref: http://www.securityfocus.com/bid/33776
______________________________________________________________________

09.8.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Grestul Multiple SQL Injection Vulnerabilities
Description: Grestul is a web-based application implemented in PHP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"grestul[username]" and "grestul[passcode]" cookie parameters of the
"admin/index.php" script. Grestul version 1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/33792
______________________________________________________________________

09.8.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pHNews "header.php" SQL Injection
Description: pHNews is a web-based application implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "mod" parameter of the
"header.php" script before using it in an SQL query. pHNews alpha
version 1 is affected.
Ref: http://www.securityfocus.com/bid/33797
______________________________________________________________________

09.8.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: S-CMS SQL Injection and Cookie Authentication Bypass
Vulnerabilities
Description: S-CMS is a web-based application implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"admin/delete_page.php" script file before using it in an SQL query.
S-CMS version 1.1 Stable is affected.
Ref: http://www.securityfocus.com/bid/33799
______________________________________________________________________

09.8.50 CVE: CVE-2008-5999
Platform: Web Application
Title: Drupal Ajax Checklist Module Unspecified HTML Injection
Description: Ajax Checklist is a PHP-based component for Drupal. It is
used to add dynamic checklists into nodes. The application is exposed
to an unspecified HTML injection issue because it fails to properly
sanitize user-supplied input to node pages before using the input in
dynamically generated content. Ajax Checklist versions prior to
5.x-1.1 are affected.
Ref: http://drupal.org/node/312968
______________________________________________________________________

09.8.51 CVE: Not Available
Platform: Web Application
Title: SkaDate "photo" Arbitrary File Upload
Description: SkaDate is a web-based dating application implemented in
PHP. The application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the software fails to
adequately sanitize file extensions before uploading photos onto the
web server. SkaDate version 7 is affected.
Ref: http://www.securityfocus.com/bid/33742
______________________________________________________________________

09.8.52 CVE: Not Available
Platform: Web Application
Title: Dacio's CMS Cross-Site Scripting and Multiple SQL Injection
Vulnerabilities
Description: Dacio's CMS is a PHP-based content manager. The
application is exposed to multiple issues, since it fails to
adequately sanitize user-supplied input. Dacio's CMS version 1.08 is
affected.
Ref: http://www.milw0rm.com/exploits/8042
______________________________________________________________________

09.8.53 CVE: Not Available
Platform: Web Application
Title: Graugon Gallery Multiple Security Vulnerabilities
Description: Graugon Gallery is a web-based image gallery application.
The application is exposed to multiple input validation issues because
it fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/33745
______________________________________________________________________

09.8.54 CVE: Not Available
Platform: Web Application
Title: Drupal Advertisement Module Multiple HTML Injection
Vulnerabilities
Description: The Drupal Advertisement Module is a module for the
Drupal content management system. The module is exposed to multiple
HTML injection issues because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
Advertisement module versions prior to 5.x-1.7 and 6.x-1.0-rc1 are
affected.
Ref: http://drupal.org/node/372977
______________________________________________________________________

09.8.55 CVE: Not Available
Platform: Web Application
Title: Poppler Multiple Denial of Service Vulnerabilities
Description: Poppler is a library that provides a programming
interface for rendering PDF files. The library is based on the
Xpdf-3.0 codebase. Poppler is exposed to multiple denial of service
issues when handling certain PDF files. The issues stem from an
uninitialized memory access error in the
"FormWidgetChoice::loadDefaults()" function and an error in the
"JBIG2Stream::readSymbolDictSeg()" function. Poppler versions prior to
0.10.4 are affected.
Ref: https://bugs.edge.launchpad.net/poppler/+bug/320181
______________________________________________________________________

09.8.56 CVE: Not Available
Platform: Web Application
Title: RavenNuke Multiple Input Validation Vulnerabilities
Description: RavenNuke is a PHP-based content manager. RavenNuke is
originally based on PHP-Nuke. The application is exposed to multiple
input validation issues. An attacker can exploit these issues to
execute arbitrary code within the context of the web server, compromise
the application, access or modify data, exploit latent vulnerabilities
in the underlying database, or obtain sensitive information. RavenNuke
versions prior to 2.30.01 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/500988
______________________________________________________________________

09.8.57 CVE: Not Available
Platform: Web Application
Title: NovaBoard Multiple Remote Vulnerabilities
Description: NovaBoard is a message board application implemented in
PHP. The application is exposed to multiple remote issues. NovaBoard
version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/33788
______________________________________________________________________

09.8.58 CVE: Not Available
Platform: Web Application
Title: InselPhoto Photo Description Field HTML Injection
Description: InselPhoto is a web-based application implemented in PHP.
InselPhoto is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input. This issue affects photo
descriptions on uploaded photos. Attacker-supplied HTML or JavaScript
code could run in the context of the affected site, potentially
allowing the attacker to steal cookie-based authentication credentials
and to control how the site is rendered to the user; other attacks are
also possible. InselPhoto version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33783
______________________________________________________________________

09.8.59 CVE: Not Available
Platform: Web Application
Title: PowerMovieList Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: PowerMovieList is a movie database application
implemented in PHP. The application is exposed to multiple input
validation issues. Exploiting these issues could allow an attacker to
steal cookie-based authentication credentials, compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
Ref: http://www.securityfocus.com/bid/33786
______________________________________________________________________

09.8.60 CVE: Not Available
Platform: Web Application
Title: Baran CMS Multiple Input Validation Vulnerabilities
Description: Baran CMS is a web-based content management system
implemented in ASP. The application is exposed to multiple issues
because it fails to properly sanitize user-supplied input. Baran CMS
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33764
______________________________________________________________________

09.8.61 CVE: CVE-2008-6016
Platform: Web Application
Title: EsFaq "questions.php" SQL Injection
Description: EsFaq is a web-based FAQ application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "questions.php" script before using it in an SQL query. EsFaq
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/33770
______________________________________________________________________

09.8.62 CVE: Not Available
Platform: Web Application
Title: ea-gBook "inc_ordner" Parameter Remote File Include
Description: ea-gBook is a PHP-based web application. The application
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "inc_ordner"
parameter of the "index_inc.php" script. ea-gBook version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/33774
______________________________________________________________________

09.8.63 CVE: Not Available
Platform: Web Application
Title: simplePMS PHP Code Injection and Local File Include
Vulnerabilities
Description: simplePMS is a PHP-based content manager. The application
is exposed to multiple input validation issues because it fails to
properly sanitize user-supplied input. simplePMS version 0.1.3a is
affected.
Ref: http://www.securityfocus.com/bid/33780
______________________________________________________________________

09.8.64 CVE: Not Available
Platform: Web Application
Title: ClipBucket "dwnld.php" Directory Traversal
Description: ClipBucket is a web-based video sharing application
implemented in PHP. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the "file" parameter of the "dwnld.php" script.
ClipBucket version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/33781
______________________________________________________________________

09.8.65 CVE: Not Available
Platform: Web Application
Title: YACS "update_trailer.php" Remote File Include
Description: YACS (Yet Another Community System) is a PHP-based web
application. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"context[path_to_root]" parameter of the
"yacs/scripts/update_trailer.php" script. YACS version 8.11 is
affected.
Ref: http://www.securityfocus.com/bid/33791
______________________________________________________________________

09.8.66 CVE: Not Available
Platform: Web Application
Title: WikkaWiki "backlinks" Handler Information Disclosure
Description: WikkaWiki is a wiki application implemented in PHP. The
application is exposed to an information disclosure issue because it
fails to properly restrict access to certain restricted content.
WikkaWiki versions prior to 1.1.6.6 are affected.
Ref: http://www.securityfocus.com/bid/33793
______________________________________________________________________

09.8.67 CVE: CVE-2008-6059
Platform: Web Application
Title: WebKit XMLHttpRequest Cookie Information Disclosure
Description: WebKit is an open source web browser engine available for
a number of platforms. WebKit is exposed to an information disclosure
issue because cookies marked "HTTPOnly" are readable by JavaScript
through the XMLHttpRequest API. WebKit versions prior to r38566 are
vulnerable.
Ref: http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp
______________________________________________________________________

09.8.68 CVE: Not Available
Platform: Network Device
Title: Nokia N95 "setAttributeNode()" Denial of Service
Description: Nokia N95 is a smartphone. Nokia N95 is exposed to a
denial of service issue that occurs in the device's web browser. This
issue affects the "setAttributeNode()" method. A successful exploit of
this issue allows remote attackers to crash the browser on the
affected device, denying service to legitimate users.
Ref: http://www.securityfocus.com/archive/1/500954
______________________________________________________________________