Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
	    @RISK: The Consensus Security Vulnerability Alert
February 12, 2009                                         Vol. 8. Week 07
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Other Microsoft Products                     7 (#1, #2, #3)
Third Party Windows Apps                     5
Linux                                        7
HP-UX                                        1
Solaris                                      1
Aix                                          1
Cross Platform                              20 (#4, #5)
Web Application - Cross Site Scripting      19
Web Application - SQL Injection             19
Web Application                             31
Network Device                               9

****************** Sponsored By The LOG MANAGEMENT Summit **************
Attend the Log Management Summit April 6-7 to find best practices in
selecting and implementing the right tools in ways that ensure you meet
regulatory requirements and improve your security at the same time. As
a bonus you'll hear from organizations that have found they can use log
management to improve operational efficiency as well as security.
http://www.sans.org/info/38648
*************************************************************************
TRAINING UPDATE
- - SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. lots of evening sessions:
http://www.sans.org/
- - Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS09-002)
(2) CRITICAL: Microsoft Exchange Server Multiple Vulnerabilities (MS09-003)
(3) CRITICAL: RealNetworks RealPlayer File Parsing Multiple Vulnerabilities
(4) HIGH: Microsoft Office Visio Multiple Vulnerabilities (MS09-005)
(5) HIGH: HP OpenView Network Node Manager Multiple Vulnerabilities

 -- Other Microsoft Products
09.7.1 - Microsoft Exchange Server TNEF Decoding Remote Code Execution
09.7.2 - Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service
09.7.3 - Microsoft Internet Explorer Uninitialized Memory Remote Code Execution
09.7.4 - Microsoft Visio Object Validation Remote Code Execution
09.7.5 - Microsoft Visio Object Copy Memory Corruption Remote Code Execution
09.7.6 - Microsoft Visio Memory Corruption Remote Code Execution
09.7.7 - Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution
 -- Third Party Windows Apps
09.7.8 - QIP 2005 Malformed Rich Text Message Remote Denial of Service
09.7.9 - FeedDemon "outline" Tag Buffer Overflow
09.7.10  - Password Door Local Buffer Overflow
09.7.11  - BlackBerry Application Web Loader ActiveX Control Remote Buffer
Overflow
09.7.12  - Nokia Phoenix Service Software ActiveX Controls Multiple Buffer
Overflow Vulnerabilities
 -- Linux
09.7.13  - Linux Kernel "make_indexed_dir()" Local Denial of Service
09.7.14  - Linux Kernel "inotify_read()" Local Denial of Service
09.7.15  - Wicd "wicd.conf" Default Configuration Local Information Disclosure
09.7.16  - Linux Kernel Console Selection Local Privilege Escalation
09.7.17  - ZeroShell "cgi-bin/kerbynet" Remote Command Execution
09.7.18  - GNOME Evolution S/MIME Email Signature Verification
09.7.19  - libvirt "libvirt_proxy.c" Local Privilege Escalation
 -- HP-UX
09.7.20  - HP-UX NFS Unspecified Local Denial of Service
 -- Solaris
09.7.21  - Sun OpenSolaris Process File System Local Code Execution
 -- Aix
09.7.22  - IBM AIX "at" Local Information Disclosure
 -- Cross Platform
09.7.23  - Openfiler "password.html" Password Reset Security Bypass
09.7.24  - Trend Micro Interscan Web Security HTTP Proxy Authentication
Information Disclosure
09.7.25  - Non-Creative Software LCPlayer ".qt" File Remote Buffer Overflow
09.7.26  - AREVA e-terrahabitat Multiple Security Vulnerabilities
09.7.27  - ClearBudget Invalid ".htaccess" Unauthorized Access
09.7.28  - Fujitsu Systemcast Wizard Lite Registry Tool Buffer Overflow
09.7.29  - Wireshark 1.0.5 Multiple Denial of Service Vulnerabilities
09.7.30  - HP OpenView Network Node Manager Unspecified Remote Code Execution
09.7.31  - RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities
09.7.32  - HP OpenView Network Node Manager Multiple Remote Command Execution
Vulnerabilities
09.7.33  - HP OpenView Network Node Manager "ovlaunch" Buffer Overflow
09.7.34  - OpenCORE "pvmp3_huffman_parsing.cpp" Remote Buffer Underflow
09.7.35  - PyCrypto ARC2 Module Buffer Overflow
09.7.36  - Trend Micro InterScan Web Security Suite Multiple Security Bypass
Vulnerabilities
09.7.37  - Open Handset Alliance Android Multiple Local Vulnerabilities
09.7.38  - Fail2ban "wuftpd.conf" Remote Denial of Service
09.7.39  - IBM WebSphere Application Server Multiple Vulnerabilities
09.7.40  - Sun Java System Directory Server LDAP Request Denial of Service
09.7.41  - Varnish HTTP Request Parsing Denial of Service
09.7.42  - Tor Multiple Denial of Service Vulnerabilities
 -- Web Application - Cross-Site Scripting
09.7.43  - Team "online.asp" Cross-Site Scripting Vulnerability
09.7.44  - Moodle Forum Unspecified Cross-Site Request Forgery
09.7.45  - Power System Of Article Management Multiple Cross-Site Scripting
Vulnerabilities
09.7.46  - Multiple Scripts For Sites EZ Products "directory.php" Cross-Site
Scripting
09.7.47  - Moodle "Login As" Cross-Site Scripting
09.7.48  - Mahara Forum Post Cross-Site Scripting
09.7.49  - Views Bulk Operations Unspecified Cross-Site Scripting
09.7.50  - Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities
09.7.51  - htmLawed CSS Expressions Unspecified Cross-Site Scripting
09.7.52  - Scripts for Sites EZ Baby "password.php" Cross-Site Scripting
09.7.53  - Kipper Local File Include and Cross-Site Scripting Vulnerabilities
09.7.54  - EZ Reminder "password.php" Cross-Site Scripting
09.7.55  - Phorum Unspecified Cross-Site Scripting
09.7.56  - MediaWiki "config/index.php" Multiple Cross-Site Scripting
Vulnerabilities
09.7.57  - AdaptCMS Lite Cross-Site Scripting and Remote File Include
Vulnerabilities
09.7.58  - Pebble Unspecified Cross-Site Scripting
09.7.59  - Zeroboard Xpress Engine "func.inc.php" Cross-Site Scripting
09.7.60  - Novell QuickFinder Server Multiple Cross-Site Scripting
Vulnerabilities
09.7.61  - Sajax "Sajax.php" Cross-Site Scripting
 -- Web Application - SQL Injection
09.7.62  - YapBB "forumhop.php" SQL Injection
09.7.63  - ProFTPD Character Encoding SQL Injection
09.7.64  - BusinessSpace "id" Parameter SQL Injection
09.7.65  - A Better Member-Based ASP Photo Gallery "view.asp" SQL Injection
09.7.66  - PHP Director "searching" Parameter SQL Injection
09.7.67  - CafeEngine "catid" Parameter SQL Injection
09.7.68  - PHP-Calendar SQL Credentials Information Disclosure
09.7.69  - Ilch CMS "HTTP_X_FORWARDED_FOR" SQL Injection
09.7.70  - ClickAuction "login_check.asp" Multiple SQL Injection Vulnerabilities
09.7.71  - ilchClan "statistic.php" SQL Injection
09.7.72  - FlexCMS "catId" Parameter SQL Injection
09.7.73  - If-CMS "id" Parameter SQL Injection
09.7.74  - Halite News "halite.php" SQL Injection
09.7.75  - MyNews "login.php" SQL Injection
09.7.76  - w3b|cms Multiple SQL Injection Vulnerabilities
09.7.77  - Banking@Home "Login.asp" Multiple SQL Injection Vulnerabilities
09.7.78  - ProFTPD "mod_sql_mysql" Username SQL Injection
09.7.79  - Auth PHP "login.php" SQL Injection
09.7.80  - Bluebird "login.php" Multiple SQL Injection Vulnerabilities
 -- Web Application
09.7.81  - Jaws Multiple Local File Include Vulnerabilities
09.7.82  - Moodle Log Table HTML Injection
09.7.83  - Moodle Calendar Export Unspecified Information Disclosure
09.7.84  - Moodle "/user/pix.php" Information Disclosure
09.7.85  - Bitrix Site Manager Multiple Input Validation Vulnerabilities
09.7.86  - rgboard Multiple Input Validation Vulnerabilities
09.7.87  - MetaBBS Administration Settings Authentication Bypass
09.7.88  - GR Blog Multiple Administrative Scripts Authentication Bypass
Vulnerabilities
09.7.89  - ESET Remote Administrator HTML Injection
09.7.90  - Drupal Link Module HTML Injection
09.7.91  - ClearBudget Local File Include and Authentication Bypass
Vulnerabilities
09.7.92  - txtBB User Profile "Miasto" Field HTML Injection
09.7.93  - WikkiTikkiTavi "upload.php" Arbitrary File Upload
09.7.94  - Mailist "send.php" Local File Include
09.7.95  - Zeroboard Multiple Remote Vulnerabilities
09.7.96  - Taridnt UP Remote File Upload
09.7.97  - HP OpenView Network Node Manager Multiple Information Disclosure
Vulnerabilities
09.7.98  - SilverNews Multiple Input Validation Vulnerabilities
09.7.99  - phpYabs "Azione" Parameter Remote File Include
09.7.100 - PyBlosxom Atom Flavor Multiple XML Injection Vulnerabilities
09.7.101 - Drupal "install.php" Local File Include
09.7.102 - Hedgehog-CMS "specialacts.php" Arbitrary File Upload
09.7.103 - WebFrame Local and Remote File Include Vulnerabilities
09.7.104 - YANOCC "lang_check.php" Local File Include
09.7.105 - Potato News "user" Cookie Parameter Local File Include
09.7.106 - Thyme "export.php" Local File Include
09.7.107 - SnippetMaster Webpage Editor Cross-Site Scripting and Remote File
Include Vulnerabilities
09.7.108 - Hedgehog-CMS Local File Include and PHP code Injection
Vulnerabilities
09.7.109 - TYPO3 Cross-Site Scripting and Information Disclosure Vulnerabilities
09.7.110 - Q-News "settings.php" Remote Command Execution
09.7.111 - Papoo "message_class.php" Local File Include
 -- Network Device
09.7.112 - Multiple Cisco Wireless LAN Controllers Multiple Remote
Vulnerabilities
09.7.113 - HP Multiple LaserJet Printers Unspecified Directory Traversal
09.7.114 - 3Com OfficeConnect Wireless Cable/DSL Gateway "SaveCfgFile" Access
Validation
09.7.115 - Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URI
Redirection
09.7.116 - Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Multiple
Cross-Site Scripting Vulnerabilities
09.7.117 - NetGear SSL312 CGI Binary Remote Denial of Service
09.7.118 - Nokia N95 Malformed JPEG Denial of Service
09.7.119 - Avaya DECT Products Information Disclosure Weakness
09.7.120 - Swann DVR4 SecuraNet Directory Traversal
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohan Kotian at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS09-002)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista 
Microsoft Windows Server 2008

Description: Microsoft Internet Explorer has multiple vulnerabilities
due to improper handling of certain HTML and web scripting constructs.
A specially crafted web page could trigger these issues thereby allowing
remote attackers to execute arbitrary code with the privileges of the
logged in user. User interaction is needed to exploit this vulnerability
with the user visiting the malicious page. Some technical details are
publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available. 

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-011/
http://www.zerodayinitiative.com/advisories/ZDI-09-012/
SecurityFocus BID
http://www.securityfocus.com/bid/33627
http://www.securityfocus.com/bid/33628

*************************************************************

(2) CRITICAL: Microsoft Exchange Server Multiple Vulnerabilities (MS09-003)
Affected:
Microsoft Exchange Server 2000
Microsoft Exchange Server 2003
Microsoft Exchange Server 2007

Description: Microsoft Exchange Server is a messaging system from
Microsoft that is used by enterprises to allow their users to access
e-mail, calendars, contacts and tasks. This product is vulnerable to
remote code execution and remote denial-of-service attacks. A specially
crafted e-mail when viewed by a user could execute arbitrary code with
the privileges of the vulnerable process, or a malformed command could
allow remote attackers to cause a denial of service. Some technical
details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Wikipedia Article on Microsoft Exchange Server
http://en.wikipedia.org/wiki/Microsoft_Exchange_Server
Microsoft Exchange Server Home Page 
http://www.microsoft.com/exchange/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/33134
http://www.securityfocus.com/bid/33136

*************************************************************

(3) CRITICAL: RealNetworks RealPlayer File Parsing Multiple Vulnerabilities
Affected:
Real Networks RealPlayer 11

Description: RealPlayer is a proprietary media player from RealNetworks
desgined to play different multimedia formats. RealPlayer has got
multiple vulnerabilities in the way it parses certain Internet Video
Recorder (IVR) files. A specially crafted IVR files could trigger either
a heap corruption vulnerability or a buffer overflow condition which can
overwrite arbitrary memory location with a NULL byte. Successful
exploitation of these vulnerabilities may allow an attacker to execute
arbitrary code with the privileges of the logged in user. User
Interaction is required though the user doesn't have to open the files
but a simple preview of the files is enough to trigger these issues.

Status: Vendor has not confirmed, no updates available.

References:
FortiGuard Advisory (FGA-2009-04)
http://www.fortiguardcenter.com/advisory/FGA-2009-04.html
Vendor Home Page
http://www.realnetworks.com/
SecurityFocus BID
http://www.securityfocus.com/bid/33652

*************************************************************

(4) HIGH: Microsoft Office Visio Multiple Vulnerabilities (MS09-005)
Affected:
Microsoft Office Visio 2002
Microsoft Office Visio 2003
Microsoft Office Visio 2007

Description: Microsoft Visio, a diagramming software from Microsoft, has
multiple vulnerabilities while handling malicious Visio files. A
specially crafted Visio file could trigger one of these vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of
the current user. User interaction is required, in that an attacker has
to convince the unsuspecting user to open the malicious file that is
either sent via an e-mail attachment or hosted on a Web site. Some
technical details are publicly available for these vulnerabilities.

Status: Vendors confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Wikipedia Article on Microsoft Visio
http://en.wikipedia.org/wiki/Microsoft_Visio
Visio Home Page
http://office.microsoft.com/en-us/visio/default.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/33659
http://www.securityfocus.com/bid/33660
http://www.securityfocus.com/bid/33661

*************************************************************

(5) HIGH: HP OpenView Network Node Manager Multiple Vulnerabilities
Affected:
HP OpenView Network Node Manager (NNM) 7.x and possibly prior

Description: HP Netwok Node Manager (NNM) is used to undertand and
realise a network topography. It contains multiple vulnerabilities
namely buffer overflow, remote command injection and information
disclosure due to lack of proper sanitary checks of user-supplied
inputs. A specially crafted request can be used to trigger any one of
the mentioned vulnerabilities. Successful exploitation of these
vulnerabilities can allow an attacker either to execute code with the
privileges of the vulnerable service or to gain access to sensitive
information. Some technical details are publicly available for these
vulnerabilities.

Status: Vendor confirmed, updates available.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772
Product Home Page
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11
-15-119^1155_4000_100
SecurityFocus BID
http://www.securityfocus.com/bid/33666/
http://www.securityfocus.com/bid/33667/
http://www.securityfocus.com/bid/33668/

*************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

09.7.1 CVE: CVE-2009-0098
Platform: Other Microsoft Products
Title: Microsoft Exchange Server TNEF Decoding Remote Code Execution
Description: Microsoft Exchange Server is an email server for the
Microsoft Windows platform. The application is exposed to a remote
code execution issue caused by an error in handling Transport Neutral
Encapsulation Format (TNEF) data. TNEF is used to encode Rich Text
Format (RTF) data in email messages.
Ref: http://support.microsoft.com/kb/959239
______________________________________________________________________

09.7.2 CVE: CVE-2009-0099
Platform: Other Microsoft Products
Title: Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of
Service
Description: Microsoft Exchange Server is an email server for
Microsoft Windows. The application is exposed to a remote denial of
service issue. Specifically, this issue occurs in the Electronic
Message System Microsoft Database (EMSMDB2) provider.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx
______________________________________________________________________

09.7.3 CVE: CVE-2009-0075
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Uninitialized Memory Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote code
execution issue when the application tries to access objects that have
been appended and deleted in a specific order.
Ref: http://www.securityfocus.com/archive/1/500831
______________________________________________________________________

09.7.4 CVE: CVE-2009-0095
Platform: Other Microsoft Products
Title: Microsoft Visio Object Validation Remote Code Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. Visio is exposed to a
remote code execution issue because it fails to adequately handle
user-supplied data. The software fails to properly validate object
data when opening specially-crafted Visio files, which can cause
memory to become corrupted.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx
______________________________________________________________________

09.7.5 CVE: CVE-2009-0096
Platform: Other Microsoft Products
Title: Microsoft Visio Object Copy Memory Corruption Remote Code
Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. Visio is exposed to a
remote code execution issue because it fails to adequately handle
user-supplied data. The software fails to  properly copy object data
in memory when parsing specially crafted Visio files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx
______________________________________________________________________

09.7.6 CVE: CVE-2009-0097
Platform: Other Microsoft Products
Title: Microsoft Visio Memory Corruption Remote Code Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. Visio is exposed to a
remote code execution issue because it fails to adequately handle
user-supplied data. The software fails to  properly allocate memory
when opening a specially crafted Visio file.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx
______________________________________________________________________

09.7.7 CVE: CVE-2009-0076
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer CSS Memory Corruption Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote code
execution issue because the application fails to handle malicious
web pages containing certain CSS styles. Specifically, the problem
occurs when processing a CSS stylesheet with specific combinations of
style directives, one of which must be "zoom".
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-012/
______________________________________________________________________

09.7.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: QIP 2005 Malformed Rich Text Message Remote Denial of Service
Description: QIP 2005 is an instant messaging client for the ICQ
protocol; it is available for Microsoft Windows. QIP 2005 is exposed
to a denial of service issue because it fails to handle malformed
messages. A remote attacker may exploit this issue by sending a
maliciously constructed rich text message to the vulnerable client.
QIP 2005 build 8082 is affected.
Ref: http://www.securityfocus.com/archive/1/500656
______________________________________________________________________

09.7.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: FeedDemon "outline" Tag Buffer Overflow
Description: FeedDemon is an RSS newsfeed reader for Microsoft
Windows. FeedDemon is exposed to a remote buffer overflow issue
because it fails to perform adequate checks on user-supplied input
when handling a maliciously crafted OPML (Outline Processor Markup
Language) file. FeedDemon versions 2.7 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/500686
______________________________________________________________________

09.7.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Password Door Local Buffer Overflow
Description: Password Door is a password protection application for
Microsoft Windows platforms. The application is exposed to a local
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. The issue affects data supplied to
"PassDoor.exe" and may be triggered when the application processes
header data in excess of 601 characters. Password Door version 8.4 is
affected.
Ref: http://www.securityfocus.com/bid/33634
______________________________________________________________________

09.7.11 CVE: CVE-2009-0305
Platform: Third Party Windows Apps
Title: BlackBerry Application Web Loader ActiveX Control Remote Buffer
Overflow
Description: Research in Motion BlackBerry Application Web Loader
ActiveX control is an application used to load applications onto
BlackBerry devices. The BlackBerry Application Web Loader ActiveX
control is exposed to a remote stack-based buffer overflow issue that
affects the "load()" and "loadJad()" methods of the ActiveX control.
BlackBerry Application Web Loader version 1.0 is affected.
Ref: http://www.kb.cert.org/vuls/id/131100
______________________________________________________________________

09.7.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nokia Phoenix Service Software ActiveX Controls Multiple Buffer
Overflow Vulnerabilities
Description: Nokia Phoenix Service Software includes multiple ActiveX
controls used for firmware updates on Nokia phones. The application is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data. Nokia Phoenix Service
Software version 2008.04.007.32837 is affected.
Ref: http://www.securityfocus.com/archive/1/500829
______________________________________________________________________

09.7.13 CVE: Not Available
Platform: Linux
Title: Linux Kernel "make_indexed_dir()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle malformed file system images.
The problem occurs in the "make_indexed_dir()" function of the
"fs/ext3/namei.c" source file. Linux kernel versions prior to
2.6.27.14 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.14
______________________________________________________________________

09.7.14 CVE: Not Available
Platform: Linux
Title: Linux Kernel "inotify_read()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. Specifically, this issue occurs in the "inotify_read()"
function in the "fs/notify/inotify/inotify_user.c" source code file.
If a user space process supplies an invalid pointer to a "read()"
function, the inotify device mutex may be unlocked twice. The Linux
kernel versions prior to 2.6.28.3 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3
______________________________________________________________________

09.7.15 CVE: Not Available
Platform: Linux
Title: Wicd "wicd.conf" Default Configuration Local Information
Disclosure
Description: Wicd (Wireless Interface Connection Daemon) is a tool
used for establishing wired and wireless network connections for
Linux. The application is exposed to a local information disclosure
issue because its default configuration fails to restrict ownership of
its daemon. Wicd versions prior to 1.5.9 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1465
______________________________________________________________________

09.7.16 CVE: Not Available
Platform: Linux
Title: Linux Kernel Console Selection Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue in console selection. This issue is caused by an
off-by-two memory error that occurs in the "set_selection()" function
of the "selection.c" source file. Linux kernel versions prior to
2.6.28.4 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4
______________________________________________________________________

09.7.17 CVE: Not Available
Platform: Linux
Title: ZeroShell "cgi-bin/kerbynet" Remote Command Execution
Description: ZeroShell is a Linux distribution intended for embedded
systems. It includes a web-based administrative interface. The
application is exposed to an issue that attackers can leverage to
execute arbitrary commands. This issue occurs because the application
fails to adequately sanitize user-supplied input to the "type"
parameter of the "cgi-bin/kerbynet" script. ZeroShell version
1.0beta11 is affected.
Ref: http://www.zeroshell.net/eng/patch-details/#C100
______________________________________________________________________

09.7.18 CVE: Not Available
Platform: Linux
Title: GNOME Evolution S/MIME Email Signature Verification
Description: GNOME Evolution is an email, address book, and calendar
application for users of the GNOME desktop. GNOME Evolution is exposed
to a signature verification issue. This issue occurs because the
application fails to properly verify email signatures included in 
Secure / Multipurpose Internet Mail Extensions (S/MIME) mail messages.
Ref: http://bugzilla.gnome.org/show_bug.cgi?id=564465
______________________________________________________________________

09.7.19 CVE: CVE-2009-0036
Platform: Linux
Title: libvirt "libvirt_proxy.c" Local Privilege Escalation
Description: The "libvirt" library is used to interact with the
virtualization capabilities of recent versions of Linux. The "libvirt"
library is exposed to a local privilege escalation issue because it
fails to perform adequate boundary-checks on user-supplied data.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0036
______________________________________________________________________

09.7.20 CVE: CVE-2009-0206
Platform: HP-UX
Title: HP-UX NFS Unspecified Local Denial of Service
Description: HP-UX is exposed to a local denial of service issue. The
issue stems from an unspecified error in the NFS ONCplus package.
HP-UX version B.11.31 is affected.
Ref: http://www.securityfocus.com/archive/1/500726
______________________________________________________________________

09.7.21 CVE: Not Available
Platform: Solaris
Title: Sun OpenSolaris Process File System Local Code Execution
Description: Sun Solaris is exposed to a local code execution issue
because of an unspecified error. The issue occurs in the process file
system ("proc(4)") when interacting with the "contract(4)" file
system. OpenSolaris based on builds snv_85 through snv_100 are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244026-1
______________________________________________________________________

09.7.22 CVE: Not Available
Platform: Aix
Title: IBM AIX "at" Local Information Disclosure
Description: AIX is a Unix operating system from IBM. The "at" command
is used to execute commands at a specified time. AIX is exposed to a
local information disclosure issue that stems from a design error.
Specifically, the "/usr/bin/at" command in the "bos.rte.cron" fileset
fails to properly drop permissions before reading certain files.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558
______________________________________________________________________

09.7.23 CVE: Not Available
Platform: Cross Platform
Title: Openfiler "password.html" Password Reset Security Bypass
Description: Openfiler is open source storage appliance software.
The application is exposed to a security bypass issue related to the
password reset feature. An attacker may exploit this issue by setting
the "userauthenticated" global variable through a POST request to the
"account/password.html" script which allows bypassing certain checks
and resetting arbitrary user's password. Openfiler version 2.3 is
affected.
Ref: http://www.securityfocus.com/bid/33605
______________________________________________________________________

09.7.24 CVE: Not Available
Platform: Cross Platform
Title: Trend Micro Interscan Web Security HTTP Proxy Authentication
Information Disclosure
Description: Trend Micro InterScan Web Security Suite is a solution
for Internet gateways to protect networks against web-based attacks.
The application is exposed to an information disclosure when handling
HTTP Proxy Authentication headers.
Ref: http://www.securityfocus.com/archive/1/500760
______________________________________________________________________

09.7.25 CVE: Not Available
Platform: Cross Platform
Title: Non-Creative Software LCPlayer ".qt" File Remote Buffer
Overflow
Description: Non-Creative Software LCPlayer is a multimedia player
application. LCPlayer is exposed to a remote stack-based buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Specifically, this issue occurs when parsing a
".qt" file containing an overly long URI. LCPlayer version 0.5.4 is
affected.
Ref: http://www.securityfocus.com/archive/1/500660
______________________________________________________________________

09.7.26 CVE: CVE-2009-0211, CVE-2009-0212, CVE-2009-0213,
CVE-2009-0214, CVE-2009-021
Platform: Cross Platform
Title: AREVA e-terrahabitat Multiple Security Vulnerabilities
Description: AREVA e-terrahabitat is a suite of Supervisory Control
And Data Acquisition (SCADA) software. e-terrahabitat is exposed to
multiple issues. AREVA e-terrahabitat versions 5.7 and earlier are
affected.
Ref: http://www.kb.cert.org/vuls/id/337569
______________________________________________________________________

09.7.27 CVE: Not Available
Platform: Cross Platform
Title: ClearBudget Invalid ".htaccess" Unauthorized Access
Description: ClearBudget is an expense management application.
ClearBudget is exposed to an unauthorized access issue because it
fails to properly restrict access to certain directories. ClearBudget
version 0.6.1 is affected.
Ref: http://www.securityfocus.com/bid/33643
______________________________________________________________________

09.7.28 CVE: CVE-2009-0264
Platform: Cross Platform
Title: Fujitsu Systemcast Wizard Lite Registry Tool Buffer Overflow
Description: Fujitsu Systemcast Wizard Lite is a support application
for Fujitsu PRIMEQUEST servers. Systemcast Wizard Lite is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. This issue occurs in the Registry Tool
component. Systemcast Wizard Lite versions 2.0A and earlier are
affected.
Ref: http://www.securityfocus.com/bid/33644
______________________________________________________________________

09.7.29 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.5 Multiple Denial of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
Unix like systems. Wireshark is exposed to multiple issues.
Wireshark versions 0.99.6 through 1.0.5 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2009-01.html
______________________________________________________________________

09.7.30 CVE: CVE-2009-0205
Platform: Cross Platform
Title: HP OpenView Network Node Manager Unspecified Remote Code
Execution
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. The application is exposed to a remote
code execution issue due to an unspecified error. HP OpenView Network
Node Manager versions 7.01, 7.51 and 7.53 are affected.
Ref:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610
______________________________________________________________________

09.7.31 CVE: CVE-2009-0375, CVE-2009-0376
Platform: Cross Platform
Title: RealNetworks RealPlayer IVR File Parsing Multiple
Vulnerabilities
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. The application is exposed to
multiple memory corruption issues. RealPlayer version 11 is affected.
Ref: http://www.securityfocus.com/archive/1/500722
______________________________________________________________________

09.7.32 CVE: CVE-2008-4559
Platform: Cross Platform
Title: HP OpenView Network Node Manager Multiple Remote Command
Execution Vulnerabilities
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. Network Node Manager is exposed to
multiple remote command execution issues. Specifically, issues exist
in the "webappmon.exe" and "OpenView5.exe" CGI applications. These
issues occur due to user supplied data not being properly sanitized
before being supplied as command line arguments to external
applications. Network Node Manager version 7.53 under Linux is
affected.
Ref: http://www.securityfocus.com/archive/1/500734
______________________________________________________________________

09.7.33 CVE: CVE-2008-4562
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovlaunch" Buffer Overflow
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. The "ovlaunch" CGI application is used to
launch the remote user interface. Network Node Manager is exposed to a
buffer overflow issue because the application fails to properly
bounds check user-supplied data. The problem occurs in "ovlaunch".
Network Node Manager version 7.53 running on Microsoft Windows is
affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772
______________________________________________________________________

09.7.34 CVE: CVE-2009-0475
Platform: Cross Platform
Title: OpenCORE "pvmp3_huffman_parsing.cpp" Remote Buffer Underflow
Description: OpenCORE is an open source multimedia decoding subsystem.
The library is exposed to a remote buffer underflow issue because it
fails to perform adequate boundary checks on user-supplied data.
Specifically, the vulnerability resides in the
"pvmp3_huffman_parsing.cpp" source file.
Ref: http://review.source.android.com/Gerrit#change,8815
______________________________________________________________________

09.7.35 CVE: Not Available
Platform: Cross Platform
Title: PyCrypto ARC2 Module Buffer Overflow
Description: PyCrypto (Python Cryptography Toolkit) is a set of
cryptographic modules for the Python programming language. PyCrypto is
exposed to a buffer overflow issue because it fails to adequately
verify user-supplied input. This issue resides in the ARC2 module.
This issue can be triggered with specially crafted ARC2 keys in excess
of 128 bytes.
Ref:
http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=
d1c4875e1f220652fe7ff8358f56dee3b2aba31b
______________________________________________________________________

09.7.36 CVE: Not Available
Platform: Cross Platform
Title: Trend Micro InterScan Web Security Suite Multiple Security
Bypass Vulnerabilities
Description: Trend Micro InterScan Web Security Suite is a solution
for internet gateways to protect networks against web-based attacks.
The application is exposed to multiple security bypass issues that
stem from access control errors in multiple JSP pages. InterScan Web
Security Suite version 3.1 for Windows is affected.
Ref:
http://www.trendmicro.com/ftp/documentation/readme/
iwss_31_win_en_readme_CP_1237_EN.txt
______________________________________________________________________

09.7.37 CVE: Not Available
Platform: Cross Platform
Title: Open Handset Alliance Android Multiple Local Vulnerabilities
Description: Open Handset Alliance Android (previously Google Android)
is a software stack and operating system for mobile phones. Android is
exposed to multiple issues. Android version 1.0 as shipped with the
T-Mobile G1 phone is affected.
Ref: http://www.securityfocus.com/bid/33695
______________________________________________________________________

09.7.38 CVE: CVE-2007-4321
Platform: Cross Platform
Title: Fail2ban "wuftpd.conf" Remote Denial of Service
Description: Fail2ban is an application designed to monitor
authentication failure messages and block hosts that attempt
brute force attacks against network services. The application is
designed to monitor log entries made by the network services when
authentication failures occur. When failures are logged, the
application adds the source IP address of attacking computers directly
as a firewall rule or inserts the address into the block list.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163
______________________________________________________________________

09.7.39 CVE: CVE-2009-0432, CVE-2009-0433, CVE-2009-0434,
CVE-2009-0435, CVE-2009-0436, CVE-2009-0438, CVE-2008-4284,
CVE-2008-4283
Platform: Cross Platform
Title: IBM WebSphere Application Server Multiple Vulnerabilities
Description: IBM WebSphere Application Server (WAS) is an application
server used for service oriented architecture. IBM WebSphere
Application Server is exposed to multiple issues. A local attacker
could exploit this vulnerability using unspecified attack vectors to
have an unknown impact on the system.
Ref: http://xforce.iss.net/xforce/xfdb/48526
______________________________________________________________________

09.7.40 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Directory Server LDAP Request Denial of Service
Description: Sun Java System Directory Server is an LDAP (Lightweight
Directory Access Protocol) server distributed with multiple Sun
products. Sun Java System Directory Server is exposed to a denial of
service issue. Specifically, this vulnerability occurs when processing
specially crafted LDAP requests and stems from an unspecified issue in
the LDAP SDK (Software Development Kit) for C.
Ref:
http://www.sun.com/software/products/directory_srvr_ee/dir_srvr/index.xml
______________________________________________________________________

09.7.41 CVE: Not Available
Platform: Cross Platform
Title: Varnish HTTP Request Parsing Denial of Service
Description: Varnish is an HTTP accelerator application. Varnish is
exposed to a remote denial of service issue caused by an unspecified
error when processing a malformed HTTP request. Successfully
exploiting this issue allows remote attackers to crash the affected
application, denying further service to legitimate users. Varnish
versions prior to 2.0.1 are affected.
Ref: http://www.securityfocus.com/bid/33712
______________________________________________________________________

09.7.42 CVE: Not Available
Platform: Cross Platform
Title: Tor Multiple Denial of Service Vulnerabilities
Description: Tor is an implementation of second generation Onion
Routing, a connection oriented anonymizing communication service. Tor
is exposed to multiple denial of service issues. Tor versions prior to
0.2.0.34 are affected.
Ref: http://archives.seul.org/or/announce/Feb-2009/msg00000.html
______________________________________________________________________

09.7.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Team "online.asp" Cross-Site Scripting Vulnerability
Description: Team is a web-based bulletin board application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "lookname" parameter in the "online.asp"
script.
Ref: http://www.securityfocus.com/bid/33614
______________________________________________________________________

09.7.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Moodle Forum Unspecified Cross-Site Request Forgery
Description: Moodle is a content manager for online courseware. Moodle
is exposed to a cross-site request forgery issue. This issue affects the
application's forum. Moodle versions 1.9 up to but not including 1.9.4;
versions 1.8 up to but not including 1.8.8; and versions 1.7 up to but
not including 1.7.7 are affected.
Ref: http://www.securityfocus.com/bid/33615
______________________________________________________________________

09.7.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Power System Of Article Management Multiple Cross-Site
Scripting Vulnerabilities
Description: Power System Of Article Management is a web-based
application implemented in ASP. The application is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied input. Issues have been reported in the "ComeUrl"
parameter of the "userchklogin.asp" and "userlogin.asp" scripts. Power
System Of Article Management version 3.0 is affected.
Ref: http://www.milw0rm.com/exploits/7981
______________________________________________________________________

09.7.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Scripts For Sites EZ Products "directory.php" Cross-Site
Scripting
Description: Scripts For Sites distribute multiple web-based PHP
applications. Multiple Scripts For Sites products are exposed to a
cross-site scripting issue because they fail to sufficiently sanitize
user-supplied data to the "email" field of the "directory.php" script
when "ax" is set to "remind".
Ref: http://www.securityfocus.com/bid/33688
______________________________________________________________________

09.7.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Moodle "Login As" Cross-Site Scripting
Description: Moodle is a content manager for online courseware. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. This issue occurs
if "teacher" or "administrator" users utilize the "Login As" feature
to visit "MyMoodle" or "Blog" pages of that user.
Ref: http://moodle.org/security/
______________________________________________________________________

09.7.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mahara Forum Post Cross-Site Scripting
Description: Mahara is a Perl based eportfolio application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input. This issue occurs in forum
posts. Mahara versions prior to 1.0.9 are affected.
Ref: http://mahara.org/interaction/forum/topic.php?id=198
______________________________________________________________________

09.7.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Views Bulk Operations Unspecified Cross-Site Scripting
Description: Views bulk operations is a third party plugin module for
the Drupal content management system for performing bulk updates of
nodes. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input.
Ref: http://drupal.org/node/369223
______________________________________________________________________

09.7.50 CVE: CVE-2008-3821
Platform: Web Application - Cross Site Scripting
Title: Cisco IOS HTTP Server Multiple Cross-Site Scripting
Vulnerabilities
Description: Cisco IOS HTTP Server is a web server for the Cisco IOS
operating system. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
Specifically, these issues affect the "level/15/exec/-/" and "exec/"
scripts. Cisco IOS version 12.4(23) is affected.
Ref:
http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.
html
______________________________________________________________________

09.7.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: htmLawed CSS Expressions Unspecified Cross-Site Scripting
Description: htmLawed is a PHP script for input text processing.
htmLawed is exposed to a cross-site scripting issue because it fails
to sanitize user-supplied input to an unspecified parameter. The issue
is related to handling dynamic crafted CSS expressions. htmLawed
versions prior to 1.1.6 are affected.
Ref:
http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
htmLawed_README.htm#s4.3
______________________________________________________________________

09.7.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Scripts for Sites EZ Baby "password.php" Cross-Site Scripting
Description: Scripts for Sites EZ Baby is a web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. This issue affects
the "u2" parameter in the "password.php" script when submitted via an
HTTP POST request.
Ref: http://www.securityfocus.com/bid/33635
______________________________________________________________________

09.7.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kipper Local File Include and Cross-Site Scripting
Vulnerabilities
Description: Kipper is a PHP based template manager. The application
is exposed to multiple issues because it fails to properly sanitize
user-supplied input. Kipper version 2.01 is affected.
Ref: http://www.securityfocus.com/bid/33640
______________________________________________________________________

09.7.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EZ Reminder "password.php" Cross-Site Scripting
Description: EZ Reminder is a PHP-based reminder script. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. This issue affects
the email box when editing a user password through the "password.php"
script.
Ref: http://www.securityfocus.com/bid/33641
______________________________________________________________________

09.7.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Phorum Unspecified Cross-Site Scripting
Description: Phorum is a web-based forum application. Phorum is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. Phorum version 5.2.10-RC1 is
affected.
Ref: http://www.phorum.org/phorum5/read.php?64,136129
______________________________________________________________________

09.7.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MediaWiki "config/index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: MediaWiki is a PHP based wiki application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied data to unspecified
parameters of the "config/index.php" script. MediaWiki versions prior
to 1.13.4, 1.12.4, and 1.6.12 are affected.
Ref:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES
______________________________________________________________________

09.7.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AdaptCMS Lite Cross-Site Scripting and Remote File Include
Vulnerabilities
Description: AdaptCMS Lite is a PHP based content manager. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied input. An attacker can exploit
these issues to execute malicious PHP code in the context of the
web server process. AdaptCMS Lite version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/33698
______________________________________________________________________

09.7.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pebble Unspecified Cross-Site Scripting
Description: Pebble is an open source blogging tool implemented in
Java and XML. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input to
an unspecified parameter. The issue affects Pebble versions prior to
2.3.2.
Ref: http://sourceforge.net/project/shownotes.php?release_id=660130
______________________________________________________________________

09.7.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zeroboard Xpress Engine "func.inc.php" Cross-Site Scripting
Description: Xpress Engine is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input through the
"/config/func.inc.php" script. Xpress Engine version 1.1.15 is
affected.
Ref: http://www.securityfocus.com/bid/33703
______________________________________________________________________

09.7.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Novell QuickFinder Server Multiple Cross-Site Scripting
Vulnerabilities
Description: Novell QuickFinder Server is a web-based search solution
for enterprises. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input to the "adminurl" parameter of the "AdminServlet"
script and POST parameters of the "AdminServlet" script.
Ref: http://www.securityfocus.com/archive/1/500825
______________________________________________________________________

09.7.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sajax "Sajax.php" Cross-Site Scripting
Description: Sajax is a PHP-based tool for Ajax enabled web sites. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input through a URI to the
"sajax_get_common_js()" function in the "php/Sajax.php" script. Sajax
version 0.12 is affected.
Ref: http://www.securityfocus.com/bid/33711
______________________________________________________________________

09.7.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YapBB "forumhop.php" SQL Injection
Description: YapBB (Yet Another PHP Bulletin Board) is a PHP-based
bulletin board application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "forumID" parameter of the "forumhop.php"
script before using it in an SQL query. YapBB version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/33620
______________________________________________________________________

09.7.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProFTPD Character Encoding SQL Injection
Description: ProFTPD is an FTP server implementation that is available
for Unix and Linux platforms. It can be integrated with multiple
database servers. ProFTPD is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data before using it
in an SQL query. ProFTPD versions 1.3.1 and later are affected.
Ref: http://bugs.proftpd.org/show_bug.cgi?id=3173
______________________________________________________________________

09.7.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BusinessSpace "id" Parameter SQL Injection
Description: BusinessSpace is web-based collaboration software for
teams, groups and companies. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter before using it an SQL query.
BusinessSpace version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/33692
______________________________________________________________________

09.7.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: A Better Member-Based ASP Photo Gallery "view.asp" SQL
Injection
Description: A Better Member-Based ASP Photo Gallery is an ASP-based
photo gallery application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "entry" parameter of the "view.asp" script.
Ref: http://www.securityfocus.com/bid/33693
______________________________________________________________________

09.7.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Director "searching" Parameter SQL Injection
Description: PHP Director is a video content manager. The application
is exposed to an SQL injection issue because the application fails to
sufficiently sanitize user-supplied input to the "searching" parameter
of the "index.php" script. PHP Director version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/33694
______________________________________________________________________

09.7.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CafeEngine "catid" Parameter SQL Injection
Description: CafeEngine is a PHP-based application for managing cafe
or restaurant web pages. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "index.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33655
______________________________________________________________________

09.7.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Calendar SQL Credentials Information Disclosure
Description: PHP-Calendar is web-based calendar application
implemented in PHP. PHP-Calendar is exposed to an information
disclosure issue because it fails to restrict access to multiple
scripts. HP-Calendar versions 1.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33656
______________________________________________________________________

09.7.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ilch CMS "HTTP_X_FORWARDED_FOR" SQL Injection
Description: Ilch CMS is PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input in the "HTTP_X_FORWARDED_FOR" HTTP
header. This issue occurs in the "getip()" function of the
"include/includes/func/statistics.php" script. Ilch CMS versions 1.1L
and earlier are affected.
Ref: http://www.ilch.de/news-188.html
______________________________________________________________________

09.7.70 CVE: CVE-2009-0297
Platform: Web Application - SQL Injection
Title: ClickAuction "login_check.asp" Multiple SQL Injection
Vulnerabilities
Description: ClickAuction is a web-based auction application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "txtEmail" and "txtPassword" parameters of
the "login_check.asp" script.
Ref: http://www.securityfocus.com/bid/33671
______________________________________________________________________

09.7.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ilchClan "statistic.php" SQL Injection
Description: ilchClan is a PHP based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "X-Forwarded-For" HTTP header value
in "thegetip()" function of the "include/includes/func/statistic.php"
script before using it an SQL query. ilchClan version 1.1L is
affected.
Ref: http://www.ilch.de/news-188.html
______________________________________________________________________

09.7.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FlexCMS "catId" Parameter SQL Injection
Description: FlexCMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "catId" parameter
before using it an SQL query.
Ref: http://www.securityfocus.com/bid/33696
______________________________________________________________________

09.7.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: If-CMS "id" Parameter SQL Injection
Description: If-CMS is web-based content management software
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "frame.php" script before using it an SQL
query. If-CMS version 2.07 is affected.
Ref: http://www.securityfocus.com/bid/33697
______________________________________________________________________

09.7.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Halite News "halite.php" SQL Injection
Description: Halite News, also known as Fluorine CMS, is a web-based
content management system. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "halite.php" script
before using it in an SQL query. Halite News version 0.1 rc 1 is
affected.
Ref: http://www.securityfocus.com/bid/33727
______________________________________________________________________

09.7.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyNews "login.php" SQL Injection
Description: MyNews is a web-based news reader. The application is
exposed to an SQL injection  issue because it fails to sufficiently
sanitize user-supplied data to "username" and "password" textboxes
when logging in to the affected application via the "login.php"
script. MyNews Beta version 0.10 is affected.
Ref: http://www.securityfocus.com/bid/33728
______________________________________________________________________

09.7.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: w3b|cms Multiple SQL Injection Vulnerabilities
Description: w3b|cms is a PHP-based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33706
______________________________________________________________________

09.7.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Banking@Home "Login.asp" Multiple SQL Injection Vulnerabilities
Description: Banking@Home is a web-based application implemented in
ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"username" and "password" parameters of the "Login.asp" script.
Banking@Home version 2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/500824
______________________________________________________________________

09.7.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProFTPD "mod_sql_mysql" Username SQL Injection
Description: ProFTPD is an FTP server implementation that is available
for Unix and Linux platforms. It can be integrated with multiple
database servers. ProFTPD is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data before using it
in an SQL query.
Ref: http://www.securityfocus.com/archive/1/500823
______________________________________________________________________

09.7.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Auth PHP "login.php" SQL Injection
Description: Auth PHP is a web-based application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "username" and
"password" parameters of the "login.php" script before using them in
an SQL query. Auth PHP version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33723
______________________________________________________________________

09.7.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bluebird "login.php" Multiple SQL Injection Vulnerabilities
Description: Bluebird is a web-based application implemented in PHP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "username"
and "passwd" parameters of the "login.php" script. Bluebird
Pre-Release is affected.
Ref: http://www.securityfocus.com/bid/33725
______________________________________________________________________

09.7.81 CVE: Not Available
Platform: Web Application
Title: Jaws Multiple Local File Include Vulnerabilities
Description: Jaws is a web-based application framework and
content management application. The application is exposed to multiple
local file include issues because it fails to properly sanitize
user-supplied input. Jaws version 0.8.8 is affected.
Ref: http://www.securityfocus.com/bid/33607
______________________________________________________________________

09.7.82 CVE: Not Available
Platform: Web Application
Title: Moodle Log Table HTML Injection
Description: Moodle is an open source application for managing online
courseware. It is freely available under the GNU Public license for
Unix and variants, and for Microsoft Windows. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content.
Ref:
http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67
______________________________________________________________________

09.7.83 CVE: Not Available
Platform: Web Application
Title: Moodle Calendar Export Unspecified Information Disclosure
Description: Moodle is a content manager for online courseware. The
application is exposed to an unspecified information disclosure issue
related to the calendar export feature. Moodle versions 1.9 up to but
not including 1.9.4, and versions 1.8 up to but not including 1.8.8 are
affected.
Ref: http://moodle.org/security/
______________________________________________________________________

09.7.84 CVE: Not Available
Platform: Web Application
Title: Moodle "/user/pix.php" Information Disclosure
Description: Moodle is a content manager for online courseware. The
application is exposed to an information disclosure issue because it
fails to restrict access to the "/user/pix.php" script. Moodle
versions 1.9 up to but not including 1.9.4, and versions 1.8 up to but not
including 1.8.8 are affected.
Ref: http://moodle.org/security/
______________________________________________________________________

09.7.85 CVE: Not Available
Platform: Web Application
Title: Bitrix Site Manager Multiple Input Validation Vulnerabilities
Description: Bitrix Site Manager is a PHP-based content manager. The
application is exposed multiple input validation issues. An attacker
may leverage these issues to gain unauthorized access to the affected
application, execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site and steal
cookie-based authentication credentials.
Ref: http://www.securityfocus.com/bid/33689
______________________________________________________________________

09.7.86 CVE: Not Available
Platform: Web Application
Title: rgboard Multiple Input Validation Vulnerabilities
Description: rgboard is a web-based application. The application is
exposed to multiple input validation issues. A remote attacker can
exploit these issues to obtain sensitive information or execute
malicious PHP code in the context of the web server process. rgboard
version 4 is affected.
Ref: http://www.securityfocus.com/archive/1/500662
______________________________________________________________________

09.7.87 CVE: Not Available
Platform: Web Application
Title: MetaBBS Administration Settings Authentication Bypass
Description: MetaBBS is PHP-based forum software. The application is
exposed to an issue that lets attackers modify user passwords because
it fails to adequately secure access to administrative functions of
the "admin/settings/index.php" script. MetaBBS version 0.11 is
affected.
Ref: http://www.securityfocus.com/archive/1/500666
______________________________________________________________________

09.7.88 CVE: Not Available
Platform: Web Application
Title: GR Blog Multiple Administrative Scripts Authentication Bypass
Vulnerabilities
Description: GR Blog is a PHP-based blogging application. The
application is exposed to multiple authentication bypass issues
because it fails to perform adequate authentication checks. GR Blog
version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/33629
______________________________________________________________________

09.7.89 CVE: Not Available
Platform: Web Application
Title: ESET Remote Administrator HTML Injection
Description: ESET Remote Administrator is a web-based application used
to manage ESET's products in a networked environment. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. This issue occurs in the "Additional Report Settings"
interface. ESET Remote Administrator versions prior to 3.0.105 are
affected.
Ref: http://www.eset.eu/support/changelog-eset-remote-administrator-3
______________________________________________________________________

09.7.90 CVE: Not Available
Platform: Web Application
Title: Drupal Link Module HTML Injection
Description: Link is a third party component for Drupal used to
provide added functionality to the Content Construction Kit (CCK)
module. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input to the "Help" field
before using the input in dynamically generated content. The Link
module version 5.x-2.5 is affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html
______________________________________________________________________

09.7.91 CVE: Not Available
Platform: Web Application
Title: ClearBudget Local File Include and Authentication Bypass
Vulnerabilities
Description: ClearBudget is PHP-based finance and budgeting
application. The application is exposed to multiple input validation
issues. An attacker can exploit the authentication bypass
vulnerability to gain unauthorized access to the affected application.
ClearBudget version 0.6.1 is affected.
Ref: http://www.securityfocus.com/bid/33645
______________________________________________________________________

09.7.92 CVE: Not Available
Platform: Web Application
Title: txtBB User Profile "Miasto" Field HTML Injection
Description: txtBB is a web-based content manager written in PHP.
txtBB is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input. Specifically, this issue
affects the "Miasto" field of a user profile. txtBB version 1.0 RC3 is
affected.
Ref: http://www.securityfocus.com/bid/33646
______________________________________________________________________

09.7.93 CVE: Not Available
Platform: Web Application
Title: WikkiTikkiTavi "upload.php" Arbitrary File Upload
Description: WikkiTikkiTavi is a wiki engine implemented in PHP. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the software fails to
adequately sanitize file extensions before uploading files via the
"upload.php" script. WikkiTikkiTavi version 1.11 is affected.
Ref: http://www.securityfocus.com/bid/33647
______________________________________________________________________

09.7.94 CVE: Not Available
Platform: Web Application
Title: Mailist "send.php" Local File Include
Description: Mailist is a PHP-based subscription mailing list. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "load" parameter of
the "send.php" script. Mailist version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/33648
______________________________________________________________________

09.7.95 CVE: Not Available
Platform: Web Application
Title: Zeroboard Multiple Remote Vulnerabilities
Description: Zeroboard is a bulletin board system. The application is
exposed to multiple issues. Zeroboard version 4 pl8 is affected.
Ref: http://www.securityfocus.com/bid/33649
______________________________________________________________________

09.7.96 CVE: Not Available
Platform: Web Application
Title: Taridnt UP Remote File Upload
Description: Taridnt UP is a web-based application. The application is
exposed to a remote file upload issue because it fails to sufficiently
sanitize the contents of a file before uploading it. Taridnt UP
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33691
______________________________________________________________________

09.7.97 CVE: CVE-2008-4560
Platform: Web Application
Title: HP OpenView Network Node Manager Multiple Information
Disclosure Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is used to perform
remote administration of HP computer hardware. HP OpenView Network
Node Manager is exposed to multiple information disclosure issues that
occur in various CGI applications. HP OpenView Network Node Manager
version 7.53 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771
______________________________________________________________________

09.7.98 CVE: Not Available
Platform: Web Application
Title: SilverNews Multiple Input Validation Vulnerabilities
Description: SilverNews is a PHP-based content manager. The
application is exposed to multiple input validation issues. An
attacker can exploit these issues to execute arbitrary code within
the context of the web server, compromise the application, access or
modify data, exploit latent vulnerabilities in the underlying database, 
or gain access to sensitive information. SilverNews version 2.04 is
affected.
Ref: http://www.securityfocus.com/bid/33669
______________________________________________________________________

09.7.99 CVE: Not Available
Platform: Web Application
Title: phpYabs "Azione" Parameter Remote File Include
Description: phpYabs is web-based application. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "Azione" parameter of the
"moduli/libri/index.php" script. phpYabs version 0.1.2 is affected.
Ref: http://www.securityfocus.com/bid/33670
______________________________________________________________________

09.7.100 CVE: Not Available
Platform: Web Application
Title: PyBlosxom Atom Flavor Multiple XML Injection Vulnerabilities
Description: PyBlosxom is a file based weblog system. The application
is exposed to multiple XML injection issues because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Specifically, these issues exist in the Atom
flavour in "head.atom" when handling URLs. PyBlosxom version 1.4.3 is
affected.
Ref: http://www.helith.net/txt/netgear_ssl312_remote_dos.txt
______________________________________________________________________

09.7.101 CVE: Not Available
Platform: Web Application
Title: Drupal "install.php" Local File Include
Description: Drupal is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "profile" parameter of the
"install.php" script. Drupal version 6.9 is affected.
Ref: http://www.securityfocus.com/archive/1/500759
______________________________________________________________________

09.7.102 CVE: Not Available
Platform: Web Application
Title: Hedgehog-CMS "specialacts.php" Arbitrary File Upload
Description: Hedgehog-CMS is a web-based content management system.
The application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the software fails to
adequately sanitize file extensions before uploading files via the
"specialacts.php" script. Hedgehog-CMS version 1.21 is affected.
Ref: http://www.securityfocus.com/bid/33699
______________________________________________________________________

09.7.103 CVE: Not Available
Platform: Web Application
Title: WebFrame Local and Remote File Include Vulnerabilities
Description: WebFrame is a PHP-based framework application. The
application is exposed to multiple input validation issues. A remote
attacker can exploit these issues to obtain sensitive information or
execute malicious PHP code in the context of the web server process.
WebFrame version 0.76 is affected.
Ref: http://www.securityfocus.com/bid/33701
______________________________________________________________________

09.7.104 CVE: Not Available
Platform: Web Application
Title: YANOCC "lang_check.php" Local File Include
Description: YANOCC (Yet Another NOCC) is a web-based email client
implemented in PHP. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"lang" parameter of the "lang_check.php" script. YANOCC version 0.1.0
is affected.
Ref: http://www.securityfocus.com/bid/33704
______________________________________________________________________

09.7.105 CVE: Not Available
Platform: Web Application
Title: Potato News "user" Cookie Parameter Local File Include
Description: Potato News is a PHP-based news script. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "user" cookie parameter that is
processed by the "admin.php" script. Potato News version 1.0.0 is
affected.
Ref: http://www.securityfocus.com/bid/33729
______________________________________________________________________

09.7.106 CVE: Not Available
Platform: Web Application
Title: Thyme "export.php" Local File Include
Description: Thyme is a PHP based photo calendar application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "export_to" parameter
of the "export.php" script. Thyme version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/33731
______________________________________________________________________

09.7.107 CVE: Not Available
Platform: Web Application
Title: SnippetMaster Webpage Editor Cross-Site Scripting and Remote
File Include Vulnerabilities
Description: SnippetMaster Webpage Editor is a web site content editing
tool. The application is exposed to multiple issues because it fails
to sufficiently sanitize user-supplied input. SnippetMaster Webpage
Editor version 2.2.2 is affected.
Ref: http://www.securityfocus.com/bid/33705
______________________________________________________________________

09.7.108 CVE: Not Available
Platform: Web Application
Title: Hedgehog-CMS Local File Include and PHP code Injection
Vulnerabilities
Description: Hedgehog-CMS is a PHP based content manager. The
application is exposed to multiple issues because it fails to properly
sanitize user-supplied input. Hedgehog-CMS version 1.21 is affected.
Ref: http://www.securityfocus.com/bid/33710
______________________________________________________________________

09.7.109 CVE: Not Available
Platform: Web Application
Title: TYPO3 Cross-Site Scripting and Information Disclosure
Vulnerabilities
Description: TYPO3 is a PHP-based content manager. The application is
exposed to multiple remote issues. Attackers may leverage these issues
to execute arbitrary script code in the browser of an unsuspecting
user in the context of the affected site, steal cookie-based
authentication credentials, and obtain sensitive information.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
______________________________________________________________________

09.7.110 CVE: Not Available
Platform: Web Application
Title: Q-News "settings.php" Remote Command Execution
Description: Q-News is a PHP-based Quick News generator. The
application is exposed to an issue that attackers can leverage to
execute arbitrary PHP commands. This issue occurs because the
application fails to adequately sanitize user-supplied input to the
"cmd" parameter of the "settings.php" script. Q-News version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/33717
______________________________________________________________________

09.7.111 CVE: Not Available
Platform: Web Application
Title: Papoo "message_class.php" Local File Include
Description: Papoo is a web-based content management system
implemented in PHP. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"pfadhier" parameter of the "lib/classes/message_class.php" script.
Papoo version 3.6 is affected; other versions may also be vulnerable.
Ref: http://www.securityfocus.com/bid/33718
______________________________________________________________________

09.7.112 CVE: CVE-2009-0058, CVE-2009-0059, CVE-2009-0061,
CVE-2009-0062
Platform: Network Device
Title: Multiple Cisco Wireless LAN Controllers Multiple Remote
Vulnerabilities
Description: Cisco Wireless LAN controllers are used to control
various wireless LAN functions. Multiple Cisco Wireless LAN
Controllers are exposed to multiple issues.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml
______________________________________________________________________

09.7.113 CVE: CVE-2008-4419
Platform: Network Device
Title: HP Multiple LaserJet Printers Unspecified Directory Traversal
Description: HP LaserJet printers are network attached printers. The
devices' embedded web server, HP-ChaiSOE/1.0, is exposed to an
unspecified directory traversal issue because it fails to sufficiently
sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/500724
______________________________________________________________________

09.7.114 CVE: Not Available
Platform: Network Device
Title: 3Com OfficeConnect Wireless Cable/DSL Gateway "SaveCfgFile"
Access Validation
Description: The 3Com OfficeConnect Wireless Cable/DSL Gateway is a
Wi-Fi networking router. The device is exposed to an access validation
issue because of a lack of authentication when users access the
"SaveCfgFile" CGI application. The 3Com OfficeConnect Wireless
Cable/DSL Gateway firmware version 1.2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/500762
______________________________________________________________________

09.7.115 CVE: Not Available
Platform: Network Device
Title: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge
URI Redirection
Description: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP
Bridge is a logic control device. The web interface is used to display
log file and status information. Rockwell Automation ControlLogix
1756-ENBT/A EtherNet/IP Bridge is exposed to a remote URI redirection
issue because the device's web interface fails to sufficiently
sanitize user-supplied input.
Ref: http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation
.cfg/php/enduser/std_adp.php?p_faqid=57729
______________________________________________________________________

09.7.116 CVE: Not Available
Platform: Network Device
Title: Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Multiple
Cross-Site Scripting Vulnerabilities
Description: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP
Bridge is a logic control device. The web interface is used to display
log files and status information. The application is exposed to
multiple cross-site scripting issues because the device's web
interface fails to sufficiently sanitize user-supplied input data.
Ref:
http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/
enduser/std_adp.php?p_faqid=57729
______________________________________________________________________

09.7.117 CVE: Not Available
Platform: Network Device
Title: NetGear SSL312 CGI Binary Remote Denial of Service
Description: NetGear SSL312 is an SSL VPN concentrator. The appliance
is exposed to a remote denial of service issue that occurs in the
"cgi-bin/single_cgi" CGI-binary. An attacker can exploit the issue
using the web interface of the appliance. Successful exploitation
allows remote attackers to cause denial of service conditions.
Ref: http://www.helith.net/txt/netgear_ssl312_remote_dos.txt
______________________________________________________________________

09.7.118 CVE: Not Available
Platform: Network Device
Title: Nokia N95 Malformed JPEG Denial of Service
Description: Nokia N95 is a smartphone developed by Nokia. Nokia N95
is exposed to a denial of service issue that occurs in the devices web
browser. This issue occurs when handling malformed JPEG files. A
successful exploit of this issue allows remote attackers to crash the
browser on the affected device, denying service to legitimate users.
Ref: http://www.securityfocus.com/archive/1/500752
______________________________________________________________________

09.7.119 CVE: Not Available
Platform: Network Device
Title: Avaya DECT Products Information Disclosure Weakness
Description: Digital Enhanced Cordless Telecommunications (DECT) is a
standard for wireless telephones. IP DECT and ISDN DECT are the two
Avaya telephony systems that use DECT. An information disclosure
weakness exists in DECT. Successful exploitation of this issue will
allow attackers to obtain sensitive information.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2009-021.htm
______________________________________________________________________

09.7.120 CVE: Not Available
Platform: Network Device
Title: Swann DVR4 SecuraNet Directory Traversal
Description: Swann DVR4 SecuraNet is a hardware device used for
recording remote cameras. It includes an embedded web server. The
web server is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. Specifically, the
application fails to sanitize directory traversal strings contained in
the URL.
Ref: http://www.securityfocus.com/bid/33716
______________________________________________________________________
[ terug ]