*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
February 5, 2009                                          Vol. 8. Week 06
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                     1
Third Party Windows Apps                     9 (#4, #5, #6)
Linux                                        3
BSD                                          1
Solaris                                      2 (#7)
Novell                                       3 (#1)
Cross Platform                              22 (#2, #3)
Web Application - Cross Site Scripting      11
Web Application - SQL Injection             19
Web Application                             28
Network Device                               2


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Novell Netware Groupwise SMTP Command Handling Buffer Overflow
(2) CRITICAL: Multiple Mozilla Products Multiple Vulnerabilities
(3) HIGH: Multiple VNC Clients Multiple Vulnerabilities
(4) HIGH: Free Download Manager Remote Buffer Overflow
(5) HIGH: NewsGator FeedDemon RSS Handling Buffer Overflow
(6) HIGH: Nokia PC Suite Playlist Handling Buffer Overflow
(7) MODERATE: Sun Sun Fire Embedded Lights Out Management Login Bypass

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
09.6.1 - Microsoft Internet Explorer HTML Form Value Buffer Overflow
 -- Third Party Windows Apps
09.6.2 - Thomson Demo mp3PRO Player/Encoder ".m3u" File Remote Buffer Overflow
09.6.3 - Web on Windows ActiveX "WriteIniFileString/ShellExecute" Arbitrary File
Overwrite
09.6.4 - Synactis ALL In-The-Box ActiveX Control Arbitrary File Overwrite
09.6.5 - Spider Player Multiple Playlist Files Buffer Overflow
09.6.6 - Multiple Kaspersky Products "klim5.sys" Local Privilege Escalation
09.6.7 - BreakPoint Software Hex Workshop ".cmap" File Handling Memory
Corruption
09.6.8 - Nokia Multimedia Player ".m3u" File Heap Buffer Overflow
09.6.9 - Euphonics ".pls" File Buffer Overflow
09.6.10  - BlazeVideo HDTV Player PLF File Heap Buffer Overflow
 -- Linux
09.6.11  - Linux Kernel "inotify" Local Privilege Escalation
09.6.12  - Red Hat Certificate System Security Bypass
09.6.13  - Todd Miller Sudo "Runas_Alias" Supplementary Group Local Privilege
Escalation
 -- BSD
09.6.14  - OpenBSD BGP UPDATE Message Remote Denial of Service
 -- Solaris
09.6.15  - Sun Solaris ip(7P) Kernel Module IP-in-IP Packet Handling Local
Denial of Service
09.6.16  - Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local Denial
of Service
 -- Novell
09.6.17  - Novell GroupWise WebAccess Unspecified HTML Injection
09.6.18  - Novell GroupWise HTTP POST/GET Request Information Disclosure
09.6.19  - Novell GroupWise Internet Agent Unspecified Remote Buffer Overflow
 -- Cross Platform
09.6.20  - W3C Amaya HTML "input" Tag Parameter Buffer Overflow
09.6.21  - W3C Amaya Multiple Buffer Overflow Vulnerabilities
09.6.22  - Autonomy Ultraseek "cs.html" URI Redirection
09.6.23  - FFmpeg "libavformat/4xm.c" Remote Code Execution
09.6.24  - Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command
Execution
09.6.25  - Trickle "LD_PRELOAD" Arbitrary Code Execution
09.6.26  - IBM AIX "rmsock" Insecure Log File Handling
09.6.27  - Xerox WorkCentre Web Server Unspecified Remote Command Execution
09.6.28  - IBM WebSphere Application Server Arbitrary File Information
Disclosure
09.6.29  - Gretech GOM Player ".pls" File Remote Buffer Overflow
09.6.30  - PHP "mbstring.func_overload" Web Server Denial of Service
09.6.31  - Enomaly ECP Insecure Temporary File Creation
09.6.32  - VMware ESX VMDK Delta Disk Host Denial of Service
09.6.33  - Free Download Manager Remote Control Server Stack Buffer Overflow
09.6.34  - Free Download Manager Torrent File Parsing Multiple Remote Buffer
Overflow Vulnerabilities
09.6.35  - PSCS VPOP3 Email Message HTML Injection
09.6.36  - Small HTTP server FTP Directory Traversal
09.6.37  - Bugzilla Pseudo Random Number Generator Shared Seed
09.6.38  - NaviCOPA Web Server Remote Buffer Overflow and Source Code
Information Disclosure Vulnerabilities
09.6.39  - Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
09.6.40  - Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple
Remote Vulnerabilities
09.6.41  - Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service
 -- Web Application - Cross Site Scripting
09.6.42  - HP Select Access Unspecified Cross-Site Scripting
09.6.43  - Piggydb Unspecified Cross-Site Scripting
09.6.44  - htmLawed Multiple Unspecified Cross-Site Scripting Vulnerabilities
09.6.45  - Profense Cross-Site Request Forgery and Cross-Site Scripting
Vulnerabilities
09.6.46  - D-Link DVG-2001s VoIP Phone Adaptor "page_CfgDevInfo_Set" Cross-Site
Scripting
09.6.47  - Google Chrome Cross-Site Scripting and Cross Domain Security Bypass
Vulnerabilities
09.6.48  - Novell GroupWise WebAccess "gw/webacc" Multiple Cross-Site Scripting
Vulnerabilities
09.6.49  - E-Php B2B Trading Marketplace Script Multiple Cross-Site Scripting
Vulnerabilities
09.6.50  - D-Link DIR-300 Cross-Site Scripting and Security Bypass
Vulnerabilities
09.6.51  - Vivvo 404 Error Page Cross-Site Scripting
09.6.52  - Ez PHP Comment Reviewer Name Cross-Site Scripting
 -- Web Application - SQL Injection
09.6.53  - Max.Blog "offline_auth.php" SQL Injection
09.6.54  - SocialEngine "blog.php" SQL Injection
09.6.55  - Domain Technologie Control "client/new_account.php" Multiple SQL
Injection Vulnerabilities
09.6.56  - smartSite CMS "articles.php" SQL Injection
09.6.57  - ASP-DEV XM Events Diary "diary_viewC.asp" SQL Injection
09.6.58  - NetArt Media Car Portal Login SQL Injection
09.6.59  - KTP Computer Customer Database "lname" Parameter SQL Injection
09.6.60  - PLE CMS "login.php" SQL Injection
09.6.61  - SalesCart Login Multiple SQL Injection Vulnerabilities
09.6.62  - Bugs Online "help.asp" SQL Injection
09.6.63  - SkaLinks Administration Login SQL Injection
09.6.64  - e-Vision CMS "iframe.php" SQL Injection
09.6.65  - ClickCart Login Parameters SQL Injection Vulnerabilities
09.6.66  - Online Grades Login Parameters SQL Injection Vulnerabilities
09.6.67  - Multiple Whole Hog Software Products Login SQL Injection
09.6.68  - phpBLASTER "blaster_user" Parameter SQL Injection
09.6.69  - WEBalbum "photo.php" SQL Injection
09.6.70  - MyDesign Sayac "admin.asp" Login Parameters SQL Injection
09.6.71  - DMXReady Online Notebook Manager Login Parameters SQL Injection
Vulnerabilities
 -- Web Application
09.6.72  - Star Articles Multiple Administrative Scripts Authentication Bypass
Vulnerabilities
09.6.73  - Personal Site Manager 0.3 Multiple Remote Vulnerabilities
09.6.74  - Coppermine Photo Gallery "picEditor.php" Remote File Upload
09.6.75  - KTP Computer Customer Database "p" Parameter Local File Include
09.6.76  - SIR GNUBoard Multiple Remote Vulnerabilities
09.6.77  - ReVou SQL Injection and Cross-Site Scripting Vulnerabilities
09.6.78  - BPAutosales "index.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
09.6.79  - BoonEx Orca Topic Title HTML Injection
09.6.80  - Drupal ImageField Module Multiple Vulnerabilities
09.6.81  - OpenHelpdesk "ajax.php" Remote Command Execution
09.6.82  - Multiple Whole Hog Software Products Cookie Authentication Bypass
09.6.83  - Multiple Groone Products "abspath" Parameter Remote File Include
09.6.84  - SMA-DB Cross-Site Scripting and Remote File Include Vulnerabilities
09.6.85  - AJA Portal Multiple Local File Include Vulnerabilities
09.6.86  - Flatnux User Profile "Job" Field HTML Injection
09.6.87  - Sourdough "neededFiles[patForms]" Parameter Remote File Include
09.6.88  - phpSlash "fields" Parameter Remote Command Execution
09.6.89  - CMS Mini "guestbook" Remote Command Execution
09.6.90  - Simple Machines Forum Censored Words HTML Injection
09.6.91  - AJA Portal Rapidshare Module Arbitrary File Upload
09.6.92  - Technote "shop_this_skin_path" Parameter Remote File Include
09.6.93  - Simple Machines Forum "[url]" Tag HTML Injection
09.6.94  - DreamPics Photo/Video Gallery "exhibition_id" SQL Injection
09.6.95  - TxtBlog "admin/index.php" Remote Command Execution
09.6.96  - Flatnux "_FNROOTPATH" Parameter Remote File Include
09.6.97  - Syntax Desktop "synTarget" Parameter Local File Include
09.6.98  - GR Board Multiple Remote File Include Vulnerabilities
09.6.99  - PHPbbBook "bbcode.php" Local File Include
 -- Network Device
09.6.100 - Motorola Wimax Modem CPEi300 Multiple Cross-Site Scripting
           and Directory Traversal Vulnerabilities
09.6.101 - Zoom VoIP Telephone Adapter Cross-Site Request Forgery
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King and Rohan Kotian at
TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Novell Netware Groupwise SMTP Command Handling Buffer Overflow
Affected:
Novell Netware Groupwise SMTP Server versions prior to 8.0 HP1

Description: Novell Netware Groupwise is a popular collaboration and
messaging platform. Its Simple Mail Transfer Protocol (SMTP) component
contains a vulnerability in its handling of the SMTP 'RCPT' command. A
specially crafted RCPT command could trigger a buffer overflow
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary code with the privileges of the
vulnerable process (usually root or SYSTEM). Technical details are
publicly available for this vulnerability.

Status: Vendor confirmed, updates available. 

References:
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-010/
Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=7002502
Product Home Page
http://www.novell.com/products/groupwise/
SecurityFocus BID
http://www.securityfocus.com/bid/33560

*************************************************************

(2) CRITICAL: Multiple Mozilla Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions prior to 3.0.6
Mozilla Thunderbird versions prior to 2.0.0.21
Mozilla SeaMonkey versions prior to 1.1.15

Description: Multiple Mozilla products, including the popular Firefox
web browser, Thunderbird email client, and SeaMonkey application suite,
contain multiple vulnerabilities in their handling of a variety of
inputs. A specially crafted web page or JavaScript script could trigger
one of these vulnerabilities, leading to a variety of exploitable
conditions. Full technical details for these vulnerabilities are
publicly available via source code analysis. Additionally,
cross-site-scripting and information disclosure vulnerabilities were
addressed in this update.

Status: Vendor confirmed, updates available.

References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/33598

*************************************************************

(3) HIGH: Multiple VNC Clients Multiple Vulnerabilities
Affected:
UltraVNC versions prior to 1.0.5.4
TightVNC versions prior to 1.3.10

Description: VNC, or Virtual Network Computing, is a popular protocol
for screen and desktop sharing. Multiple VNC clients contain
vulnerabilities in their handling of the VNC screen sharing protocol. A
malicious server could exploit these vulnerabilities upon access by a
user. Successfully exploiting one of these vulnerabilities would allow
an attacker to execute arbitrary code with the privileges of the current
user. Note that users must first connect to the malicious server to be
vulnerable; however, depending upon configuration, a VNC client may be
opened by clicking on a link in a web page or from an email message.
Full technical details are publicly available for some of these
vulnerabilities via source code analysis. A proof-of-concept for some
of these vulnerabilities is also publicly available.

Status: Vendors confirmed, updates available.

References:
Proof-of-Concept
http://milw0rm.com/exploits/7990
Wikipedia Article on Virtual Network Computing
http://en.wikipedia.org/wiki/Virtual_Network_Computing
Product Home Pages
http://www.tightvnc.com/
http://www.uvnc.com/
SecurityFocus BID
http://www.securityfocus.com/bid/33568

*************************************************************

(4) HIGH: Free Download Manager Remote Buffer Overflow
Affected:
Free Download Manager versions prior to 3.0 build 848

Description: Free Download Manager (FDM) is a popular download and file
transfer management application. It contains a flaw in its handling of
certain HTTP headers during transfer. A specially crafted HTTP response
from a malicious server could trigger a buffer overflow condition.
Successfully exploiting this overflow would allow an attacker to execute
arbitrary code with the privileges of the current user. Full technical
details are publicly available via source code analysis.  Note that a
user would need to connect to a malicious server in order to be
compromised.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2009-3/
Product Home Page
http://www.freedownloadmanager.org/
SecurityFocus BID
http://www.securityfocus.com/bid/33554

*************************************************************

(5) HIGH: NewsGator FeedDemon RSS Handling Buffer Overflow
Affected:
NewsGator FeedDemon versions 2.7 and prior

Description: NewsGator FeedDemon is a popular Really Simple Syndication
(RSS) reader for Microsoft Windows. RSS is used to syndicate
periodically updated web content, and is popularly used with blogs and
news websites. A specially crafted RSS feed could trigger a buffer
overflow condition in FeedDemon, allowing an attacker to execute
arbitrary code with the privileges of the current user. Full technical
details are publicly available for this vulnerability. Note that a user
must subscribe to a malicious RSS feed to be compromised.

Status: Vendor has not confirmed, no updates available.

References:
Bkis Security Advisory
http://security.bkis.vn/?p=329
Wikipedia Article on RSS
http://en.wikipedia.org/wiki/Really_Simple_Syndication
Product Home Page
http://www.newsgator.com/Individuals/FeedDemon/Default.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/33630

*************************************************************

(6) HIGH: Nokia PC Suite Playlist Handling Buffer Overflow
Affected:
Nokia PC Suite versions 6.x and possibly prior

Description: Nokia PC Suite is a suite of applications used to manage
Nokia mobile devices. It contains a buffer overflow in its multimedia
player component's handling of playlist files. A specially crafted
playlist file could trigger this buffer overflow, allowing an attacker
to execute arbitrary code with the privileges of the current user. Note
that, depending upon configuration, a malicious playlist file may be
opened upon receipt, without first prompting the user. Some technical
details and a proof-of-concept are publicly available for this
vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/33586.py
Vendor Home Page
http://www.nokia.com/
SecurityFocus BID
http://www.securityfocus.com/bid/33586

*************************************************************

(7) MODERATE: Sun Sun Fire Embedded Lights Out Management Login Bypass
Affected:
Sun Sun Fire X2100 M2 Servers with SP/BMC firmware versions 3.19 or prior
Sun Sun Fire X2200 M2 Servers with SP/BMC firmware versions 3.19 or prior

Description: The Sun Fire server series is a popular server platform
from Sun. The X2100 and X2200 series servers provide a Lights Out
Management (LOM) feature, which can be used to perform limited
administration of the system while the system is in a powered-down or
otherwise low power state. This feature can be configured to allow
administration via the network. A flaw in the validation of login
credentials on the X2100 and X2200 series of servers could allow an
unauthorized user to log in to the LOM system and execute arbitrary
commands with administrative privileges.

Status: Vendor confirmed, updates available. Users are advised to
disable network access to the LOM subsystem.

References:
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1
Wikipedia Article on Lights Out Management
http://en.wikipedia.org/wiki/Out-of-band_management
SecurityFocus BID
Not yet available.

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 6, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

09.6.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer HTML Form Value Buffer Overflow
Description: Microsoft Internet Explorer is a web browser for the
Windows operating system. Internet Explorer is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The vulnerability occurs when the application
processes an HTML Form request containing an overly long string within the
form input "value" field. Internet Explorer 7 on Windows XP SP3 is
affected.
Ref: http://blogs.technet.com/swi/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx
______________________________________________________________________

09.6.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Thomson Demo mp3PRO Player/Encoder ".m3u" File Remote Buffer
Overflow
Description: Thomson Demo mp3PRO Player/Encoder is a multimedia player
available for Microsoft Windows. The application is exposed to a
remote buffer overflow issue because it fails to perform adequate
checks on user-supplied input. Thomson Demo mp3PRO Player/Encoder
version 1.1.0 is affected.
Ref: http://www.securityfocus.com/bid/33513
______________________________________________________________________

09.6.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Web on Windows ActiveX "WriteIniFileString/ShellExecute"
Arbitrary File Overwrite
Description: Web on Windows (WOW) is an ActiveX control that hosts
Microsoft "webbrowser" control. The application is exposed to an issue
that allows attackers to overwrite files with arbitrary,
attacker-supplied content. Web on Windows version 2 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.6.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Synactis ALL In-The-Box ActiveX Control Arbitrary File
Overwrite
Description: Synactis ALL In-The-Box ActiveX is an application for
creating documents. The application is exposed to a vulnerability that
allows attackers to overwrite arbitrary local files. Specifically, the
"SaveDoc()" method of the "ALL_IN_THE_BOX.OCX" ActiveX control will
overwrite files in an insecure manner. Synactis ALL In-The-Box ActiveX
version 3 is affected.
Ref: http://www.dsecrg.com/pages/vul/show.php?id=62
______________________________________________________________________

09.6.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Spider Player Multiple Playlist Files Buffer Overflow
Description: Spider Player is a media player for Microsoft Windows.
The application is exposed to an off-by-one buffer overflow issue
because it fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. This issue occurs when handling
specially crafted ".asx", ".m3u" or ".pls" playlist files. Spider
Player version 2.3.9.5 is affected.
Ref: http://www.securityfocus.com/bid/33548
______________________________________________________________________

09.6.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple Kaspersky Products "klim5.sys" Local Privilege
Escalation
Description: Kaspersky Anti-Virus and Internet Security are security
applications for Microsoft Windows. Multiple Kaspersky products are
exposed to a local privilege escalation issue because they fail to
perform adequate boundary checks on user-supplied data. Kaspersky AV
2008 and Kaspersky AV for WorkStations 6.0 are affected.
Ref: http://www.securityfocus.com/archive/1/500606
______________________________________________________________________

09.6.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: BreakPoint Software Hex Workshop ".cmap" File Handling Memory
Corruption
Description: Hex Workshop is a hex editor for the Microsoft Windows
platform. Hex Workshop is exposed to a memory corruption issue. This
issue occurs because the application fails to handle malformed Color
Map (.cmap) files. Hex Workshop version 6 is affected.
Ref: http://www.securityfocus.com/archive/1/500622
______________________________________________________________________

09.6.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nokia Multimedia Player ".m3u" File Heap Buffer Overflow
Description: Nokia Multimedia Player is a media player for Microsoft
Windows. The application is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application fails to
handle malformed ".m3u" files. Nokia Multimedia Player version 1.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/500627
______________________________________________________________________

09.6.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Euphonics ".pls" File Buffer Overflow
Description: Euphonics is a media player for Microsoft Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. This issue
occurs when the application fails to handle malformed ".pls" files.
Euphonics version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33589
______________________________________________________________________

09.6.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: BlazeVideo HDTV Player PLF File Heap Buffer Overflow
Description: BlazeVideo HDTV Player is a high definition television
player for Microsoft Windows. BlazeVideo HDTV Player is exposed to a
heap-based buffer overflow issue because the application fails to
properly handle malformed playlist (".plf") files. BlazeVideo HDTV
Player version 3.5 is affected.
Ref: http://www.securityfocus.com/bid/33588
______________________________________________________________________

09.6.11 CVE: CVE-2008-5182
Platform: Linux
Title: Linux Kernel "inotify" Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue due to a race condition error in the "inotify"
functionality. Specifically, the issue occurs in the Linux kernel
"inotify" watch removal and umount implementation. Linux kernel 2.6
versions prior to 2.6.28-rc5 are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2009-0225.html
______________________________________________________________________

09.6.12 CVE: CVE-2008-5082
Platform: Linux
Title: Red Hat Certificate System Security Bypass
Description: Red Hat Certificate System (RHCS) is an enterprise level
Public Key Infrastructure (PKI) deployment manager. Red Hat
Certificate System is exposed to a security bypass issue.
Specifically, the issue occurs because the Token Processing System
(TPS) component fails to properly verify the challenge response
received when enrolling a new security token. Red Hat Certificate
System version 7.3 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2009-0007.html
______________________________________________________________________

09.6.13 CVE: CVE-2009-0034
Platform: Linux
Title: Todd Miller Sudo "Runas_Alias" Supplementary Group Local
Privilege Escalation
Description: Todd Miller Sudo is a widely used Linux/UNIX command that
allows users to securely run commands as the superuser or as other
users. The "sudo" utility is exposed to a local privilege escalation
issue because it fails to correctly validate certain non-default rules
in the "sudoers" configuration file. This issue occurs in the
"sudo/parse.c" source file. "sudo" versions 1.6.9 p17 to 1.6.9 p19 are
affected.
Ref: https://issues.rpath.com/browse/RPL-2954
______________________________________________________________________

09.6.14 CVE: Not Available
Platform: BSD
Title: OpenBSD BGP UPDATE Message Remote Denial of Service
Description: OpenBSD is exposed to a remote denial of service issue.
This issue occurs due to an error while processing BGP UPDATE messages
with an invalid AS attribute. OpenBSD versions 4.4 and 4.3 are
affected.
Ref: http://www.openbsd.org/errata44.html
______________________________________________________________________

09.6.15 CVE: Not Available
Platform: Solaris
Title: Sun Solaris ip(7P) Kernel Module IP-in-IP Packet Handling Local
Denial of Service
Description: Sun Solaris is a UNIX based operating system. Solaris is
exposed to a local denial of service issue. Specifically, the issue
stems from an unspecified error and affects the Solaris ip(7P) kernel
module. The issue arises when a specially-crafted IP-in-IP packet is
processed.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240086-1
______________________________________________________________________

09.6.16 CVE: Not Available
Platform: Solaris
Title: Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local
Denial of Service
Description: Sun Solaris is a UNIX based operating system. Solaris is
exposed to a local denial of service issue in the Solaris "ip(7P)"
kernel module. The problem occurs due to an issue when allocating
minor numbers, and may allow a local attacker to open a large number
of sockets, resulting in denial of service conditions to 32-bit
applications.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1
______________________________________________________________________

09.6.17 CVE: CVE-2009-0273
Platform: Novell
Title: Novell GroupWise WebAccess Unspecified HTML Injection
Description: Novell GroupWise WebAccess is a secure mobile option for
GroupWise collaboration software. The application is exposed to an
HTML injection issue because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
The issue occurs in HTML email or HTML attachments.
Ref: http://www.securityfocus.com/archive/1/500572
______________________________________________________________________

09.6.18 CVE: CVE-2009-0274
Platform: Novell
Title: Novell GroupWise HTTP POST/GET Request Information Disclosure
Description: Novell GroupWise is a cross-platform collaborative
software product. Novell GroupWise is exposed to an information
disclosure issue when handling HTTP POST requests. An attacker can exploit
this issue to convert HTTP POST requests into HTTP GET requests.
Ref: http://www.novell.com/support/viewContent.do?externalId=7002322
______________________________________________________________________

09.6.19 CVE: Not Available
Platform: Novell
Title: Novell GroupWise Internet Agent Unspecified Remote Buffer
Overflow
Description: Novell GroupWise is collaboration software available for
a number of platforms, including Linux and Microsoft Windows.
GroupWise includes an Internet Agent process which acts as a mail
transfer agent. The Internet Agent is exposed to a remote buffer
overflow issue that occurs when handling malformed arguments.
Ref: http://www.novell.com/support/viewContent.do?externalId=7002502
______________________________________________________________________

09.6.20 CVE: Not Available
Platform: Cross Platform
Title: W3C Amaya HTML "input" Tag Parameter Buffer Overflow
Description: W3C Amaya is a freely available web browser and editor
that runs on multiple platforms. Amaya is exposed to a remote buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Amaya versions 11.0 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/500492
______________________________________________________________________

09.6.21 CVE: Not Available
Platform: Cross Platform
Title: W3C Amaya Multiple Buffer Overflow Vulnerabilities
Description: W3C Amaya is a freely available web browser and editor
that runs on multiple platforms. Amaya is exposed to multiple buffer
overflow issues because it fails to perform adequate checks on
user-supplied input. Amaya versions prior to 11.1 are affected.
Ref: http://www.securityfocus.com/archive/1/500492
______________________________________________________________________

09.6.22 CVE: Not Available
Platform: Cross Platform
Title: Autonomy Ultraseek "cs.html" URI Redirection
Description: Autonomy Ultraseek is a search engine. Ultraseek has also
been known as Verity. The application is exposed to a remote URI
redirection issue because it fails to properly sanitize user-supplied
input to the "url" parameter of the "cs.html" script.
Ref: http://www.kb.cert.org/vuls/id/202753
______________________________________________________________________

09.6.23 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libavformat/4xm.c" Remote Code Execution
Description: FFmpeg is an application used to record, convert, and
stream audio and video. The application is exposed to a remote code
execution issue because it fails to adequately validate user-supplied
input. This issue occurs in the "libavformat/4xm.c" source file, and
occurs because of a NULL pointer dereference error. FFmpeg trunk
revisions prior to 16846 are vulnerable.
Ref: http://www.trapkit.de/advisories/TKADV2009-004.txt
______________________________________________________________________

09.6.24 CVE: Not Available
Platform: Cross Platform
Title: Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote
Command Execution
Description: Sun Fire X2100 M2 and X2200 M2 Servers are exposed to a
security bypass issue and a remote command execution issue.
Specifically, these issues occur in Embedded Lights Out Manager (ELOM).
Sun Fire X2100/X2200 M2 Servers firmware versions prior to 3.20 are
vulnerable.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1
______________________________________________________________________

09.6.25 CVE: Not Available
Platform: Cross Platform
Title: Trickle "LD_PRELOAD" Arbitrary Code Execution
Description: Trickle is a portable userspace bandwidth shaper. Trickle
is exposed to an arbitrary code execution issue that exists in the
"trickle.c" source file. This issue results from a design error that
may allow local attackers to load a malicious library from the current
working directory using the "LD_PRELOAD" environment variable, provided
that the file is named "trickle-overload.so".
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456
______________________________________________________________________

09.6.26 CVE: Not Available
Platform: Cross Platform
Title: IBM AIX "rmsock" Insecure Log File Handling
Description: IBM AIX is a UNIX-based operating system. The "rmsock"
and "rmsock64" utilities, used to manage sockets, are prone to a log
file handling issue. By default these utilities are setuid root. AIX
versions 5.2, 5.3, and 6.1 are affected.
Ref: http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc
______________________________________________________________________

09.6.27 CVE: Not Available
Platform: Cross Platform
Title: Xerox WorkCentre Web Server Unspecified Remote Command Execution
Description: Xerox WorkCentre is a web-capable printer and
photocopier. WorkCentre is exposed to an unspecified remote command
execution issue because it fails to sanitize user-supplied input. This
issue occurs in the web server.
Ref: http://www.securityfocus.com/bid/33531
______________________________________________________________________

09.6.28 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Arbitrary File Information
Disclosure
Description: IBM WebSphere Application Server is designed to
facilitate the creation of various enterprise web applications.
WebSphere Application Server is exposed to an information disclosure
issue because it retrieves arbitrary files. WebSphere Application
Server version 6.0.1 for z/OS is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232
______________________________________________________________________

09.6.29 CVE: Not Available
Platform: Cross Platform
Title: Gretech GOM Player ".pls" File Remote Buffer Overflow
Description: Gretech GOM Player is a multimedia player application.
GOM Player is exposed to a remote stack-based buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
Specifically, this issue occurs when parsing malformed ".pls" files.
GOM Player version 2.0.12 is affected.
Ref: http://www.securityfocus.com/bid/33536
______________________________________________________________________

09.6.30 CVE: Not Available
Platform: Cross Platform
Title: PHP "mbstring.func_overload" Web server Denial of Service
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a denial of service issue because it fails to limit
global scope for certain settings relating to Unicode text operations.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479272
______________________________________________________________________

09.6.31 CVE: CVE-2008-4990
Platform: Cross Platform
Title: Enomaly ECP Insecure Temporary File Creation
Description: Enomaly ECP (Elastic Computing Platform) is a management
interface for virtual cloud infrastructure. ECP creates temporary
files in an insecure manner. The issue occurs because the
"enomalism2.sh" script creates "/tmp/enomalism2.pid" in an insecure
manner. ECP versions prior to 2.1.1 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/500573
______________________________________________________________________

09.6.32 CVE: CVE-2008-4914
Platform: Cross Platform
Title: VMware ESX VMDK Delta Disk Host Denial of Service
Description: VMware ESX is a set of server emulation applications
available for several platforms. VMware ESX is exposed to a denial of
service issue because it fails to handle exceptional conditions. The
problem occurs when a corrupted VMDK delta disk is loaded in a guest
operating system.
Ref: http://www.securityfocus.com/bid/33549
______________________________________________________________________

09.6.33 CVE: CVE-2009-0183
Platform: Cross Platform
Title: Free Download Manager Remote Control Server Stack Buffer
Overflow
Description: Free Download Manager is a download accelerator and
manager application. The application is exposed to a remote
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input. This issue occurs in the
Remote Control Server when processing an overly long "Authorization"
header in HTTP requests.
Ref: http://secunia.com/secunia_research/2009-3/
______________________________________________________________________

09.6.34 CVE: CVE-2009-0184
Platform: Cross Platform
Title: Free Download Manager Torrent File Parsing Multiple Remote
Buffer Overflow Vulnerabilities
Description: Free Download Manager is a download accelerator and
manager application. Free Download Manager is exposed to multiple
remote buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied input. Multiple stack-based and
heap-based buffer overflows occur when the application parses torrent
files with overly long file names, tracker URIs or comments.
Ref: http://secunia.com/secunia_research/2009-5/
______________________________________________________________________

09.6.35 CVE: Not Available
Platform: Cross Platform
Title: PSCS VPOP3 Email Message HTML Injection
Description: PSCS VPOP3 is a webmail server. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Specifically, the application fails to properly sanitize
"script" and "iframe" HTML tags contained in email messages.
Ref:
http://discuss.pscs.co.uk/fusionbb/showtopic.php?fid/10/tid/14928/pid/19323
______________________________________________________________________

09.6.36 CVE: Not Available
Platform: Cross Platform
Title: Small HTTP server FTP Directory Traversal
Description: Small HTTP server is an application that includes an HTTP
server, FTP server, a mail server and various other services. Small
HTTP is exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input. The vulnerability occurs in
the FTP server. Small HTTP Server version 3.05.84 is affected.
Ref: http://www.securityfocus.com/bid/33570
______________________________________________________________________

09.6.37 CVE: Not Available
Platform: Cross Platform
Title: Bugzilla Pseudo Random Number Generator Shared Seed
Description: Bugzilla is an open source bug tracking
software package. Bugzilla is exposed to an issue due to the shared
use of a pseudo random number generator (PRNG) seed. Specifically,
when Bugzilla is run under mod_perl, the PRNG seed function "srand()"
is called at compile time. This results in the same seed being shared
between child web server processes. Bugzilla versions 3.0.7, 3.2.1, and
3.3.2 when run under mod_perl are affected.
Ref: http://www.bugzilla.org/security/3.0.7/
______________________________________________________________________

09.6.38 CVE: Not Available
Platform: Cross Platform
Title: NaviCOPA Web Server Remote Buffer Overflow and Source Code
Information Disclosure Vulnerabilities
Description: NaviCOPA Web Server is a web server application for
Microsoft Windows operating systems. The application is exposed to
multiple issues. Attackers can exploit the information disclosure
issue to retrieve arbitrary source code in the context of the
web server process. NaviCOPA Web Server version 3.01 is affected.
Ref: http://www.securityfocus.com/archive/1/500626
______________________________________________________________________

09.6.39 CVE: CVE-2009-0388
Platform: Cross Platform
Title: Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
Description: Virtual Network Computing (VNC) is used to provide remote
access to computers. Multiple VNC client applications are exposed to
integer overflow issues because they fail to properly validate data
supplied by the VNC server. Specifically, these issues result from
trusting data supplied by the server before using it to construct
static buffers.
Ref: http://www.securityfocus.com/archive/1/500632
______________________________________________________________________

09.6.40 CVE: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354,
CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358
Platform: Cross Platform
Title: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06
Multiple Remote Vulnerabilities
Description: The Mozilla Foundation has released multiple advisories
regarding security vulnerabilities in Mozilla Firefox, Thunderbird,
and SeaMonkey. These issues can be exploited to cause the application
to crash; arbitrary code execution may also be possible.
Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
______________________________________________________________________

09.6.41 CVE: Not Available
Platform: Cross Platform
Title: Squid Web Proxy Cache HTTP Version Number Parsing Denial of
Service
Description: Squid is an open source proxy server available for a
number of platforms. Squid is exposed to a remote denial of service
issue due to an unspecified error when processing requests with
malformed HTTP version numbers. Squid versions prior to 2.7.STABLE5,
3.0.STABLE12 and 3.1.0.4 are affected.
Ref: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
______________________________________________________________________

09.6.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: HP Select Access Unspecified Cross-Site Scripting
Description: HP OpenView Select Access provides identity management
services to regulate user access to various network resources. The
application is exposed to a cross-site scripting issue due to an
unspecified error. HP Select Access versions 6.1 and 6.2 are affected.
Ref:
https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01658614&admit=109447626+1233252952039+28353475
______________________________________________________________________

09.6.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Piggydb Unspecified Cross-Site Scripting
Description: Piggydb is a web-based application implemented in Java.
Piggydb is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input. Piggydb
versions prior to 3.3 are affected.
Ref: http://piggydb.devjavu.com/wiki/changelog#v3.3
______________________________________________________________________

09.6.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: htmLawed Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description: htmLawed is a PHP script for input text processing.
htmLawed is exposed to multiple cross-site scripting issues because it
fails to sanitize user-supplied input to unspecified parameters. The
issues are related to handling of dynamic crafted CSS expressions.
htmLawed versions prior to 1.1.4 are affected.
Ref: http://www.securityfocus.com/bid/33507
______________________________________________________________________

09.6.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Profense Cross-Site Request Forgery and Cross-Site Scripting
Vulnerabilities
Description: Profense is a web application firewall. The application is
exposed to multiple remote issues. The attacker can exploit the
HTML injection issue to execute arbitrary script code in the context
of the affected site. Profense version 2.6.2 is affected.
Ref: http://www.securityfocus.com/bid/33523
______________________________________________________________________

09.6.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: D-Link DVG-2001s VoIP Phone Adaptor "page_CfgDevInfo_Set"
Cross-Site Scripting
Description: D-Link DVG-2001s is a VoIP phone adaptor device. The
device's web-based interface is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"Forms/page_CfgDevInfo_Set" script. D-Link DVG-2001s with firmware
version 1.00.007 is affected.
Ref: http://www.securityfocus.com/bid/33526
______________________________________________________________________

09.6.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Google Chrome Cross-Site Scripting and Cross Domain Security
Bypass Vulnerabilities
Description: Google Chrome is a web browser. Google Chrome is exposed
to multiple issues. The issue will allow the attacker to bypass the
same origin policy and gain access to potentially sensitive
information; other attacks may also be possible. Google Chrome
versions prior to 1.0.154.46 are affected.
Ref:
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
______________________________________________________________________

09.6.48 CVE: CVE-2009-0273
Platform: Web Application - Cross Site Scripting
Title: Novell GroupWise WebAccess "gw/webacc" Multiple Cross-Site
Scripting Vulnerabilities
Description: Novell GroupWise WebAccess is a secure mobile option for
GroupWise collaboration software. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to the "User.id" and "Library.queryText"
parameters of the "gw/webacc" script. This issue occurs when the
parameters are submitted through an HTTP POST request.
Ref:
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
______________________________________________________________________

09.6.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: E-Php B2B Trading Marketplace Script Multiple Cross-Site
Scripting Vulnerabilities
Description: E-Php B2B Trading Marketplace Script is a web-based
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/33551
______________________________________________________________________

09.6.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: D-Link DIR-300 Cross-Site Scripting and Security Bypass
Vulnerabilities
Description: D-Link DIR-300 is a wireless router. The device is
exposed to multiple issues. D-Link DIR-300 with firmware version
1.04-tomi-1.1.2 is affected.
Ref: http://www.securityfocus.com/bid/33556
______________________________________________________________________

09.6.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Vivvo 404 Error Page Cross-Site Scripting
Description: Vivvo is a PHP-based content manager. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input. This issue occurs in the 404 error page. Vivvo
versions prior to 4.1.1 are affected.
Ref: http://www.vivvo.net/changelog.php
______________________________________________________________________

09.6.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ez PHP Comment Reviewer Name Cross-Site Scripting
Description: Ez PHP Comment is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the Reviewer's Name textbox.
Ref: http://www.securityfocus.com/bid/33587
______________________________________________________________________

09.6.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Max.Blog "offline_auth.php" SQL Injection
Description: Max.Blog is a PHP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "offline_auth.php" script before using it in an SQL query.
Max.Blog version 1.0.6 is affected.
Ref: http://www.securityfocus.com/archive/1/500470
______________________________________________________________________

09.6.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SocialEngine "blog.php" SQL Injection
Description: SocialEngine is a PHP-based platform for social
networking. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"category_id" parameter of the "blog.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/33495
______________________________________________________________________

09.6.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Domain Technologie Control "client/new_account.php" Multiple
SQL Injection Vulnerabilities
Description: Domain Technologie Control is a GPL control panel for
hosting. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data before
using it in an SQL query. Domain Technologie Control versions prior to
0.29.16 are affected.
Ref:
http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973
______________________________________________________________________

09.6.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: smartSite CMS "articles.php" SQL Injection
Description: smartSite CMS is a content manager application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "var" parameter of the
"articles.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33497
______________________________________________________________________

09.6.57 CVE: CVE-2008-5924
Platform: Web Application - SQL Injection
Title: ASP-DEV XM Events Diary "diary_viewC.asp" SQL Injection
Description: ASP-DEV XM Events Diary is an ASP-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "diary_viewC.asp" script before using it in an SQL query.
Ref: http://www.asp-dev.com/main.asp?page=42
______________________________________________________________________

09.6.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Car Portal Login SQL Injection
Description: NetArt Media Car Portal is a web-based vehicle
classifieds application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to "username" and "password" textboxes when logging
in to the affected application. NetArt Media Car Portal version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/33521
______________________________________________________________________

09.6.59 CVE: CVE-2008-5954
Platform: Web Application - SQL Injection
Title: KTP Computer Customer Database "lname" Parameter SQL Injection
Description: KTP Computer Customer Database is a web-based
application. The application is exposed to an SQL injection issue
because it fails to adequately sanitize user-supplied input to the
"lname" parameter if the "p" and "a" parameters are set to "login".
Ref: http://www.securityfocus.com/bid/33520
______________________________________________________________________

09.6.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PLE CMS "login.php" SQL Injection
Description: PLE CMS is a content management system for Pre Lecture
Exercises (PLE). The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"school" parameter of the "login.php" script before using it in an SQL
query. PLE CMS version 1.0 - beta 4.2 is affected.
Ref: http://www.securityfocus.com/bid/33524
______________________________________________________________________

09.6.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SalesCart Login Multiple SQL Injection Vulnerabilities
Description: SalesCart is an ASP-based ecommerce application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/33534
______________________________________________________________________

09.6.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bugs Online "help.asp" SQL Injection
Description: Bugs Online is an ASP-based bug tracking application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "stype" parameter of
the "help.asp" script before using it in an SQL query. Bugs Online
version 2.14 is affected.
Ref: http://www.securityfocus.com/archive/1/500571
______________________________________________________________________

09.6.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SkaLinks Administration Login SQL Injection
Description: SkaLinks is a PHP-based link exchange script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Admin name" textbox
when logging in to the affected application through the administration
login page. SkaLinks version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/33546
______________________________________________________________________

09.6.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e-Vision CMS "iframe.php" SQL Injection
Description: e-Vision CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"iframe.php" script before using it in an SQL query. e-Vision CMS
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/33547
______________________________________________________________________

09.6.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ClickCart Login Parameters SQL Injection Vulnerabilities
Description: ClickCart is a web-based application implemented in ASP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "Email" and
"Password" fields in the "customer_login.asp" script. ClickCart
version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/33575
______________________________________________________________________

09.6.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Online Grades Login Parameters SQL Injection Vulnerabilities
Description: Online Grades is a PHP-based application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "uname" and "pass"
parameters of the "parents/login.php" script. Online Grades version 3.2.4 is
affected.
Ref: http://www.securityfocus.com/bid/33576
______________________________________________________________________

09.6.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Whole Hog Software Products Login SQL Injection
Description: Ware Support is an online help desk application. Password
Protect is a password protection application. The applications are
exposed to an SQL injection issue because they fail to sufficiently
sanitize user-supplied data to the "username" and "password" textboxes
when logging in to the affected applications.
Ref: http://www.securityfocus.com/bid/33564
______________________________________________________________________

09.6.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpBLASTER "blaster_user" Parameter SQL Injection
Description: phpBLASTER is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "blaster_user" cookie
parameter as supplied through the "mainfile.php" script before using
it in an SQL query. phpBLASTER version 1.0 RC1 is affected.
Ref: http://www.securityfocus.com/bid/33567
______________________________________________________________________

09.6.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WEBalbum "photo.php" SQL Injection
Description: WEBalbum is a PHP-based photo album application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"photo.php" script before using it in an SQL query. WEBalbum version
2.4b is affected.
Ref: http://www.securityfocus.com/bid/33590
______________________________________________________________________

09.6.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyDesign Sayac "admin.asp" Login Parameters SQL Injection
Description: MyDesign Sayac is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Username" and
"Password" textboxes when logging in to the application through the
"admin.asp" script. MyDesign Sayac version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/33593
______________________________________________________________________

09.6.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DMXReady Online Notebook Manager Login Parameters SQL Injection
Vulnerabilities
Description: DMXReady Online Notebook Manager is a web-based
application used to create, edit and manage online documents. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "username"
and "password" fields in the login page. DMXReady Online Notebook
Manager version 1.1 is affected.
Ref: http://www.dmxready.com/productdetails.asp?mid=5&ItemID=175
______________________________________________________________________

09.6.72 CVE: Not Available
Platform: Web Application
Title: Star Articles Multiple Administrative Scripts Authentication
Bypass Vulnerabilities
Description: Star Articles is a PHP-based content manager. The
application is exposed to multiple authentication bypass issues
because it fails to perform adequate authentication checks. Star
Articles version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/33511
______________________________________________________________________

09.6.73 CVE: Not Available
Platform: Web Application
Title: Personal Site Manager 0.3 Multiple Remote Vulnerabilities
Description: Personal Site Manager is a PHP-based content manager. The
application is exposed to multiple remote issues. Personal Site
Manager version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/33512
______________________________________________________________________

09.6.74 CVE: Not Available
Platform: Web Application
Title: Coppermine Photo Gallery "picEditor.php" Remote File Upload
Description: Coppermine Photo Gallery is a PHP-based image gallery
application. The application is exposed to a remote file upload issue
because it fails to sufficiently sanitize user-supplied input to the
"img_dir" parameter of the "picEditor.php" script. Coppermine Photo
Gallery version 1.4.19 is affected.
Ref: http://www.securityfocus.com/bid/33514
______________________________________________________________________

09.6.75 CVE: CVE-2008-5953
Platform: Web Application
Title: KTP Computer Customer Database "p" Parameter Local File Include
Description: KTP Computer Customer Database is a PHP-based web
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the "p"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/33518
______________________________________________________________________

09.6.76 CVE: Not Available
Platform: Web Application
Title: SIR GNUBoard Multiple Remote Vulnerabilities
Description: SIR GNUBoard is a web-based forum application. The
application is exposed to multiple security issues. Attackers can
exploit these issues to compromise the application, access or modify
data, exploit latent issues in the underlying database, or learn the
location of uploaded files. GNUBoard version 4.31.04 is affected.
Ref: http://www.securityfocus.com/bid/33538
______________________________________________________________________

09.6.77 CVE: Not Available
Platform: Web Application
Title: ReVou SQL Injection and Cross-Site Scripting Vulnerabilities
Description: ReVou is a microblogging application. The application is
exposed to multiple input validation issues. Exploiting these issues
could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/33540
______________________________________________________________________

09.6.78 CVE: Not Available
Platform: Web Application
Title: BPAutosales "index.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: BPowerHouse BPAutosales is an ecommerce web application.
The application is exposed to multiple input validation issues.
BPAutosales version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/33543
______________________________________________________________________

09.6.79 CVE: Not Available
Platform: Web Application
Title: BoonEx Orca Topic Title HTML Injection
Description: BoonEx Orca is a web-based forum application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Orca version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/33545
______________________________________________________________________

09.6.80 CVE: Not Available
Platform: Web Application
Title: Drupal ImageField Module Multiple Vulnerabilities
Description: ImageField is a module for the Drupal content manager.
The module is exposed to multiple issues. Successful exploits
require the "administer content types" permissions. ImageField version
5.x-2.2 is affected.
Ref: http://justin.madirish.net/node/338
______________________________________________________________________

09.6.81 CVE: Not Available
Platform: Web Application
Title: OpenHelpdesk "ajax.php" Remote Command Execution
Description: OpenHelpdesk is a PHP-based web application. The
application is exposed to an issue that attackers can leverage to
execute arbitrary PHP commands. This issue occurs because the
application fails to adequately sanitize user-supplied input to the
"function" parameter of the "ajax.php" script before passing it to an
"eval()" function. OpenHelpdesk version 1.0.100 is affected.
Ref: http://www.securityfocus.com/bid/33574
______________________________________________________________________

09.6.82 CVE: Not Available
Platform: Web Application
Title: Multiple Whole Hog Software Products Cookie Authentication
Bypass
Description: Ware Support is an online help desk application. Password
Protect is a password protection application. The applications are
exposed to an authentication bypass issue because they fail to
adequately verify user-supplied input used for cookie-based
authentication.
Ref: http://www.securityfocus.com/bid/33577
______________________________________________________________________

09.6.83 CVE: Not Available
Platform: Web Application
Title: Multiple Groone Products "abspath" Parameter Remote File
Include
Description: Groone GLinks is a links manager. Groone GBook is a
guestbook application. The applications are exposed to a remote file
include issue because they fail to properly sanitize user-supplied
input to the "abspath" parameter of the "includes/header.php" script.
Ref: http://www.securityfocus.com/bid/33578
______________________________________________________________________

09.6.84 CVE: Not Available
Platform: Web Application
Title: SMA-DB Cross-Site Scripting and Remote File Include
Vulnerabilities
Description: SMA-DB is a PHP-based web application. Since it fails to
sufficiently sanitize user-supplied input, the application is exposed
to multiple issues. SMA-DB version 0.3.12 is affected.
Ref: http://www.securityfocus.com/bid/33562
______________________________________________________________________

09.6.85 CVE: Not Available
Platform: Web Application
Title: AJA Portal Multiple Local File Include Vulnerabilities
Description: AJA Portal is a web portal application. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input. AJA Portal version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/33565
______________________________________________________________________

09.6.86 CVE: Not Available
Platform: Web Application
Title: Flatnux User Profile "Job" Field HTML Injection
Description: Flatnux is a web-based content manager.
Flatnux is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input. Specifically, this issue
affects the "Job" field of a user profile.
Ref: http://www.securityfocus.com/bid/33566
______________________________________________________________________

09.6.87 CVE: Not Available
Platform: Web Application
Title: Sourdough "neededFiles[patForms]" Parameter Remote File Include
Description: Sourdough is a web application framework for PHP5. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the
"neededFiles[patForms]" parameter of the
"thirdparty/patForms/examples/example_clientside_javascript.php"
script. Sourdough version 0.3.5 is affected.
Ref: http://www.securityfocus.com/bid/33569
______________________________________________________________________

09.6.88 CVE: Not Available
Platform: Web Application
Title: phpSlash "fields" Parameter Remote Command Execution
Description: phpSlash is a PHP-based web application. The application
is exposed to an issue that attackers can leverage to execute
arbitrary commands. This issue occurs because the application fails to
adequately sanitize user-supplied input to the "fields" parameter of
the "index.php" script. phpSlash version 0.8.1.1 is vulnerable; other
versions may also be affected.
Ref: http://www.securityfocus.com/bid/33572
______________________________________________________________________

09.6.89 CVE: Not Available
Platform: Web Application
Title: CMS Mini "guestbook" Remote Command Execution
Description: CMS Mini is a PHP-based content manager. The application
is exposed to an issue that attackers can leverage to execute
arbitrary commands in the context of the application. This issue
occurs in the "guestbook" module. CMS Mini version 0.2.2 is affected.
Ref: http://www.securityfocus.com/bid/33573
______________________________________________________________________

09.6.90 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum Censored Words HTML Injection
Description: Simple Machines Forum (SMF) is an open-source web forum.
The application is exposed to an HTML injection issue because it fails
to properly sanitize user-supplied input before using it in
dynamically generated content. Simple Machines Forum version 1.1.7 is
affected.
Ref: http://www.securityfocus.com/archive/1/500624
______________________________________________________________________

09.6.91 CVE: Not Available
Platform: Web Application
Title: AJA Portal Rapidshare Module Arbitrary File Upload
Description: AJA Portal Rapidshare Module is a web-based application.
The application is exposed to an issue that lets attackers upload
arbitrary files. The problem occurs because the application fails to
verify the contents of files before uploading them to the web server.
Ref: http://www.securityfocus.com/bid/33591
______________________________________________________________________

09.6.92 CVE: Not Available
Platform: Web Application
Title: Technote "shop_this_skin_path" Parameter Remote File Include
Description: Technote is a PHP-based web application. The application
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "shop_this_skin_path"
parameter of the "skin_shop/standard/2_view_body/body_default.php"
script. Technote version 7.2 is affected.
Ref: http://www.securityfocus.com/bid/33592
______________________________________________________________________

09.6.93 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum "[url]" Tag HTML Injection
Description: Simple Machines Forum (SMF) is an open-source web forum
that is written in PHP. The application is exposed to an HTML
injection issue because it fails to properly sanitize user-supplied
input before using it in dynamically generated content.
Ref: http://www.securityfocus.com/bid/33595
______________________________________________________________________

09.6.94 CVE: Not Available
Platform: Web Application
Title: DreamPics Photo/Video Gallery "exhibition_id" SQL Injection
Description: DreamPics Photo/Video Gallery is a PHP-based video and
photo album application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "exhibition_id" parameter of the "index.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33596
______________________________________________________________________

09.6.95 CVE: Not Available
Platform: Web Application
Title: TxtBlog "admin/index.php" Remote Command Execution
Description: TxtBlog is a PHP-based web application. The application
is exposed to an issue that attackers can leverage to execute
arbitrary PHP commands. This issue occurs because the application
fails to adequately sanitize user-supplied input to the "blog"
parameter of the "admin/index.php" script when the "page" parameter is
set to "create". This data is later saved to a file with a ".php"
extension. TxtBlog version 1.0 Alpha is affected.
Ref: http://www.securityfocus.com/bid/33597
______________________________________________________________________

09.6.96 CVE: Not Available
Platform: Web Application
Title: Flatnux "_FNROOTPATH" Parameter Remote File Include
Description: Flatnux is a web-based content manager written in PHP.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the "_FNROOTPATH"
parameter of the "include/theme.php" script. Flatnux version
2009-01-27 is affected.
Ref: http://www.securityfocus.com/bid/33599
______________________________________________________________________

09.6.97 CVE: Not Available
Platform: Web Application
Title: Syntax Desktop "synTarget" Parameter Local File Include
Description: Syntax Desktop is a content manager implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "synTarget"
parameter of the "admin/modules/aa/preview.php" script. Syntax Desktop
version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/33601
______________________________________________________________________

09.6.98 CVE: Not Available
Platform: Web Application
Title: GR Board Multiple Remote File Include Vulnerabilities
Description: GR Board is a web-based application implemented in PHP.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input. GR
Board version 1.8 is affected.
Ref: http://www.securityfocus.com/bid/33602
______________________________________________________________________

09.6.99 CVE: Not Available
Platform: Web Application
Title: PHPbbBook "bbcode.php" Local File Include
Description: PHPbbBook is a guest book application implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "l" parameter of
the "bbcode.php" script. PHPbbBook version 1.3 is affected.
Ref: http://sourceforge.net/projects/syntax-desktop/
______________________________________________________________________

09.6.100 CVE: Not Available
Platform: Network Device
Title: Motorola Wimax Modem CPEi300 Multiple Cross-Site Scripting and
Directory Traversal Vulnerabilities
Description: Motorola Wimax Modem CPEi300 is a modem developed by
Motorola. Motorola Wimax Modem CPEi300 is exposed to cross-site
scripting and directory traversal issues because it fails to
sufficiently sanitize user-supplied input to the "page" parameter of
the "sysconf.cgi" script.
Ref: http://www.securityfocus.com/archive/1/500545
______________________________________________________________________

09.6.101 CVE: Not Available
Platform: Network Device
Title: Zoom VoIP Telephone Adapter Cross-Site Request Forgery
Description: Zoom VoIP Telephone Adapter is used to make internet
telephone calls. Zoom VoIP Telephone Adapter is exposed to a
cross-site request forgery issue that may allow attackers to change
VoIP provider information and perform other unauthorized actions
through the "callwzd.html" script. Zoom VoIP Telephone Adapter ATA1+1
version 1.2.5 is affected.
Ref: http://www.securityfocus.com/bid/33528
______________________________________________________________________