*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
January 29, 2009                                          Vol. 8. Week 05
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                          1
Other Microsoft Products                         1
Third Party Windows Apps                         9 (#1, #2)
Linux                                            2
Solaris                                          5 (#4)
Cross Platform                                  39 (#3)
Web Application - Cross Site Scripting           6
Web Application - SQL Injection                 27
Web Application                                 18
Network Device                                   2

*************************************************************************
TRAINING UPDATE
- SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. Lots of evening sessions:
http://www.sans.org/
- Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: EMC AutoStart Remote Code Execution
(2) HIGH: MW6 Barcode ActiveX Control Buffer Overflow
(3) MODERATE: FFmpeg 4X Handling Memory Corruption
(4) LOW: Sun Solaris IPv6 Handling Denial of Service

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
09.5.1 - Microsoft Windows "RunAs" Password Length Local Information Disclosure
 -- Other Microsoft Products
09.5.2 - Microsoft Internet Explorer Unspecified Directory Traversal
 -- Third Party Windows Apps
09.5.3 - AXIS Camera Control ActiveX Control "image_pan_tilt" Buffer Overflow
09.5.4 - EMC AutoStart "ftbackbone.exe" Remote Code Execution
09.5.5 - Merak Media Player ".m3u" File Remote Buffer Overflow
09.5.6 - MediaMonkey ".m3u" File Remote Buffer Overflow
09.5.7 - WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
09.5.8 - Nokia Multimedia Player AVI File Null Pointer Dereference Denial of
Service
09.5.9 - MW6 Technologies Barcode ActiveX Control "Supplement" Heap Buffer
Overflow
09.5.10  - FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite
Vulnerabilities
09.5.11  - NCTSoft NCTVideoStudio ActiveX Control "CreateFile()" Heap Buffer
Overflow
 -- Linux
09.5.12  - Linux Kernel "readlink" Local Privilege Escalation
09.5.13  - Linux Kernel "dell_rbu" Local Denial of Service Vulnerabilities
 -- Solaris
09.5.14  - Sun Solaris UltraSPARC T2 And UltraSPARC T2+ Local Denial of Service
09.5.15  - Sun Solaris Pseudo-terminal Driver (pty(7D)) Local Denial of Service
09.5.16  - Sun Solaris "in.iked(1M)" IKE Packet Handling Remote Denial of
Service
09.5.17  - Sun Solaris IPv6 "ipsec_needs_processing_v6()" Remote Denial of
Service
09.5.18  - Sun Solaris "autofs" Kernel Module Local Code Execution
 -- Cross Platform
09.5.19  - Cisco Unified Communications Manager CAPF Service Denial of Service
09.5.20  - Cisco Security Manager IPS Event Viewer Remote Unauthorized TCP Port
Access
09.5.21  - Axis 70U Network Document Server Multiple Input Validation
Vulnerabilities
09.5.22  - OpenOffice ".doc" File Remote Denial of Service
09.5.23  - Apple QuickTime QTVR Movie Remote Buffer Overflow
09.5.24  - Apple QuickTime RTSP URL Remote Heap Buffer Overflow
09.5.25  - Apple QuickTime H.263 Encoded Movie Remote Memory Corruption
09.5.26  - Apple QuickTime AVI Movie Remote Buffer Overflow
09.5.27  - Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow
09.5.28  - Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow
09.5.29  - Apple QuickTime "jpeg" Atoms Movie File Remote Buffer Overflow
09.5.30  - Fujitsu Systemcast Wizard Lite TFTP Directory Traversal
09.5.31  - Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption
09.5.32  - Sun OpenSolaris "txzonemgr" Insecure Temporary File Handling
09.5.33  - Sun OpenSolaris "conv_lpd" Insecure Temporary File Handling
09.5.34  - Sun Java System Application Server Information Disclosure
09.5.35  - Tor Unspecified Remote Memory Corruption
09.5.36  - FTPShell server ".key" File Buffer Overflow
09.5.37  - GStreamer QuickTime Media File Parsing Multiple Buffer Overflow
Vulnerabilities
09.5.38  - Futomi's CGI Cafe Search CGI Password Reset Security Bypass
09.5.39  - Pidgin "msn_slplink_process_msg()" Denial of Service
09.5.40  - Systrace 64 Bit Aware Linux Kernel Privilege Escalation
09.5.41  - CUPS "/tmp/pdf.log" Insecure Temporary File Creation
09.5.42  - Gnumeric "PySys_SetArgv" Remote Command Execution
09.5.43  - Epiphany "PySys_SetArgv" Remote Command Execution
09.5.44  - Nautilus "PySys_SetArgv" Remote Command Execution
09.5.45  - eog "PySys_SetArgv" Remote Command Execution
09.5.46  - XChat "PySys_SetArgv" Remote Command Execution
09.5.47  - gedit "PySys_SetArgv" Remote Command Execution
09.5.48  - Csound "PySys_SetArgv" Remote Command Execution
09.5.49  - Vim "PySys_SetArgv" Remote Command Execution
09.5.50  - Dia "PySys_SetArgv" Remote Command Execution
09.5.51  - Win FTP Server "LIST" FTP Command Remote Buffer Overflow
09.5.52  - Computer Associates Anti-Virus Engine "arclib.dll" Multiple Scan
Evasion Vulnerabilities
09.5.53  - winetricks "x_showmenu.txt" Insecure Temporary File Creation
09.5.54  - Apple Safari Malformed URI Remote Denial Of Service
09.5.55  - Zinf Multiple PlayList Files Buffer Overflow
09.5.56  - Sun Java System Access Manager Username Enumeration Weakness
09.5.57  - GraphicsMagick Multiple Remote Denial Of Service Vulnerabilities
 -- Web Application - Cross Site Scripting
09.5.58  - BBSXP "error.asp" Cross Site Scripting
09.5.59  - OBLOG "err.asp" Cross Site Scripting
09.5.60  - MacsDesign Studio Web Help Desk Cross Site Scripting
09.5.61  - SAP NetWeaver and Web Dynpro Portal Cross-Site Scripting
09.5.62  - MoinMoin "antispam.py" Cross-Site Scripting
09.5.63  - GameScript "games.php" Cross Site Scripting
 -- Web Application - SQL Injection
09.5.64  - Joomla! and Mambo SOBI2 Component "bid" Parameter SQL Injection
09.5.65  - Joomla! BazaarBuilder Component "cid" Parameter SQL Injection
09.5.66  - Debian "libapache2-mod-auth-mysql" Package Multibyte Character
Encoding SQL Injection
09.5.67  - Prince Clan Chess Club "com_pcchess" Component 'game_id' Parameter
SQL Injection
09.5.68  - OwnRS "autor.php" SQL Injection
09.5.69  - Pardal CMS "comentar.php" SQL Injection
09.5.70  - PHP-Nuke Downloads Module
09.5.71  - Flaxweb Article Manager "category.php" Parameter SQL Injection
09.5.72  - Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
09.5.73  - KEEP Toolkit "lib/patUser.php" SQL Injection
09.5.74  - Mambo "com_sim" Component "character_ID" Parameter SQL Injection
09.5.75  - LDF "login.asp" SQL Injection
09.5.76  - Lootan "login.asp" SQL Injection
09.5.77  - ITLPoll "index.php" SQL Injection
09.5.78  - ElearningForce Flash Magazine Deluxe Joomla! Component SQL Injection
09.5.79  - Groone GLinks "cat" Parameter SQL Injection
09.5.80  - Wazzum Dating Software "userid" Parameter SQL Injection
09.5.81  - Script Toko Online "cat_id" Parameter SQL Injection
09.5.82  - ShopSystem eSystem Multiple SQL Injection Vulnerabilities
09.5.83  - Max.Blog "show_post.php" SQL Injection
09.5.84  - E-Php Scripts CMS "browsecats.php" SQL Injection
09.5.85  - Shop-inet "show_cat2.php" SQL Injection
09.5.86  - PHP-CMS Project "login.php" SQL Injection
09.5.87  - GLPI Prior to 0.71.4 Unspecified SQL Injection
09.5.88  - Max.Blog "submit_post.php" SQL Injection
09.5.89  - Community CMS "index.php" SQL Injection
09.5.90  - GameScript "page.php" SQL Injection
 -- Web Application
09.5.91  - Joomla! "com_beamospetition" Component SQL Injection and Cross Site
Scripting Vulnerabilities
09.5.92  - ASP Project Management Cookie Authentication Bypass
09.5.93  - OpenGoo "upgrade/index.php" Local File Include
09.5.94  - MemHT Portal Avatar Upload Arbitrary File Upload
09.5.95  - WB News "config[installdir]" Parameter Multiple Remote File Include
Vulnerabilities
09.5.96  - ConPresso CMS Multiple 4.07 Multiple Remote Vulnerabilities
09.5.97  - Simple Machine Forum Package Upload Multiple HTML Injection
Vulnerabilities
09.5.98  - SiteXS CMS "type" Parameter Local File Include
09.5.99  - OpenX "MAX_type" Parameter Local File Include
09.5.100 - NewsCMSLite Insecure Cookie Authentication Bypass
09.5.101 - OpenX 2.6.3 Multiple Input Validation Vulnerabilities
09.5.102 - Pixie CMS Multiple Local File Include Vulnerabilities
09.5.103 - Flaxweb Article Manager Avatar Arbitrary File Upload
09.5.104 - VirtueMart Prior to 1.1.3 Multiple Security Vulnerabilities
09.5.105 - Anantasoft Gazelle CMS Local File Include
09.5.106 - GameScript "page.php" Local File Include
09.5.107 - Horde Products Local File Include and Cross Site Scripting
Vulnerabilities
09.5.108 - Horde IMP Webmail Client Cross Site Scripting And HTML Injection
Vulnerabilities
 -- Network Device
09.5.109 - Sony Ericsson Multiple Phone Models WAP Push Remote Denial of Service
09.5.110 - Siemens SL2-141 ADSL Router Cross-Site Request Forgery
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: EMC AutoStart Remote Code Execution
Affected:
EMC AutoStart versions prior to 5.3 SP2

Description: EMC AutoStart is a popular application failover and restart
system for enterprises. It fails to validate certain data in input, and
implicitly trusts certain user-supplied values in requests. These
values are treated as pointers to code; a specially chosen value could
lead to arbitrary code execution with the privileges of the vulnerable
process (SYSTEM). Technical details are available for this
vulnerability.

Status: Vendor confirmed, updates available. Users are advised to block
access to TCP port 8042 at the network perimeter, if possible.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-09-009/
Product Home Page
http://www.emc.com/products/detail/software/autostart.htm
SecurityFocus BID
http://www.securityfocus.com/bid/33415

**************************************************

(2) HIGH: MW6 Barcode ActiveX Control Buffer Overflow
Affected:
MW6 Barcode ActiveX Control

Description: The MW6 Barcode ActiveX control is a popular control used
to create barcodes in a variety of formats. It contains a buffer
overflow in its handling of its "supplement" property. A specially
crafted web page that instantiated this control and set this property
could trigger this buffer overflow, allowing an attacker to execute
arbitrary code with the privileges of the current user. Full technical
details and a proof-of-concept are publicly available for this
vulnerability.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"14D09688-CFA7-11D5-995A-005004CE563B".

References:
Proof-of-Concept
http://milw0rm.com/exploits/7869
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.mw6tech.com/barcode/barcode.html
SecurityFocus BID
http://www.securityfocus.com/bid/33451
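
Added example (not part of the original bulletin or of the vendor's material): PowerShell that applies and then audits the "kill bit" mitigation for the CLSID given in the Status paragraph above. The registry location and the 0x400 "Compatibility Flags" bit are the ones described in the Microsoft Knowledge Base article referenced above; the function names are this example's own, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: set and audit the Internet Explorer "kill bit" for one ActiveX CLSID.
# Assumption: run elevated, from 64-bit PowerShell on 64-bit Windows, so that both
# registry views below are addressed directly rather than redirected.

$KillBit = 0x400                                      # "Compatibility Flags" bit that blocks instantiation in IE
$Clsid   = '{14D09688-CFA7-11D5-995A-005004CE563B}'   # CLSID quoted in the bulletin
$ValueName = 'Compatibility Flags'

# Native view, plus the 32-bit view consulted by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: read the current flags for a CLSID under one root (0 if absent).
function Get-CompatFlags {
    param([string]$Root, [string]$Clsid)
    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) { return $prop.$ValueName }
    return 0
}

# Hypothetical helper: report, per registry view, whether the kill bit is set.
function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present (e.g. 32-bit OS)
        $flags = Get-CompatFlags -Root $root -Clsid $Clsid
        [pscustomobject]@{
            Key     = "$root\$Clsid"
            Flags   = '0x{0:X8}' -f $flags
            Blocked = (($flags -band $KillBit) -ne 0)
        }
    }
}

# Hypothetical helper: set the kill bit in every view that exists.
function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = "$root\$Clsid"
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the bit in so that any other compatibility flags already present are kept.
        $newFlags = (Get-CompatFlags -Root $root -Clsid $Clsid) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
                         -Value $newFlags -Force | Out-Null
    }
}

Set-KillBit -Clsid $Clsid
Get-KillBitState -Clsid $Clsid | Format-Table -AutoSize
```

Running Get-KillBitState on its own gives a read-only audit; a row with Blocked = False in either view means Internet Explorer of that bitness can still load the control.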

**************************************************

(3) MODERATE: FFmpeg 4X Handling Memory Corruption
Affected:
FFmpeg versions prior to SVN 16846

Description: FFmpeg is a popular media handling library used by a
variety of projects and products. It contains an integer conversion
vulnerability in its parsing of the 4X media format. A specially crafted
4X media file could trigger this vulnerability, leading to a variety of
memory corruption vulnerabilities. These vulnerabilities could be
exploited to execute arbitrary code with the privileges of the
vulnerable process. Full technical details for this vulnerability are
available via source code and patch analysis. The FFmpeg library is used
by popular products such as the VLC Media Player, Mplayer, Xine, and
others. All products using the library are potentially vulnerable. Note
that, depending upon configuration, a malicious media file may be opened
by the vulnerable application upon receipt, without first prompting the
user.

Status: Vendor confirmed, updates available.

References:
Patch Information
http://www.trapkit.de/advisories/TKADV2009-004.txt
Product Home Page
http://ffmpeg.mplayerhq.hu/
SecurityFocus BID
Not yet available.

**************************************************

(4) LOW: Sun Solaris IPv6 Handling Denial of Service
Affected:
Sun Solaris versions 10 and prior

Description: Solaris, Sun's UNIX-based operating system, contains a flaw
in its handling of malformed IPv6 traffic. IPv6 is the next generation
of the Internet Protocol, the protocol used to transmit essentially all
internet traffic. A specially crafted IPv6 packet sent to a vulnerable
host could cause that host to crash, leading to a denial-of-service
condition. Full technical details and a proof-of-concept are publicly
available for this vulnerability.

Status: Vendor confirmed, updates available. A workaround is provided
in the vendor's advisory.

References:
Posting by Kingcope (includes proof-of-concept)
http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067709.html
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1
Wikipedia Article on IPv6
http://en.wikipedia.org/wiki/IPv6
Product Home Page
http://www.sun.com/solaris
SecurityFocus BID
http://www.securityfocus.com/bid/33435

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

09.5.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows "RunAs" Password Length Local Information
Disclosure
Description: Microsoft Windows is a commercial operating system.
Windows includes a "RunAs" application that can be used to execute a
second application as a different user, generally for performing
privileged operations. RunAs is exposed to a local information
disclosure issue. Specifically, the application will prompt the
current user for the password of the specified user.
Ref: http://www.securityfocus.com/archive/1/500393
______________________________________________________________________

09.5.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Unspecified Directory Traversal
Description: Microsoft Internet Explorer is a web browser for
Microsoft Windows. The application is exposed to a directory traversal
issue because it fails to adequately sanitize user-supplied data. This
issue may be related to the handling of "resource://" URIs or encoded
characters of the form "%5C".
Ref: http://www.securityfocus.com/archive/1/500336
______________________________________________________________________

09.5.3 CVE: CVE-2008-5260
Platform: Third Party Windows Apps
Title: AXIS Camera Control ActiveX Control "image_pan_tilt" Buffer
Overflow
Description: Axis Camera Control is an ActiveX control used to control
Axis network cameras. The application is exposed to a buffer overflow
issue. Specifically, this issue stems from a boundary condition in the
"image_pan_tilt" property of the "AxisCamControl.ocx" ActiveX control.
Axis Camera Control version 2.40.0.0 is affected.
Ref: http://secunia.com/secunia_research/2008-58/
______________________________________________________________________

09.5.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: EMC AutoStart "ftbackbone.exe" Remote Code Execution
Description: EMC AutoStart is an application that allows automatic
application recovery within a short period of time. The application is
exposed to a remote code execution issue. This issue exists in the
"ftbackbone.exe" service listening on TCP port 8042 by default.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-009/
______________________________________________________________________

09.5.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Merak Media Player ".m3u" File Remote Buffer Overflow
Description: Merak Media Player is a multimedia player application
available for Microsoft Windows. Merak Media Player is exposed to a
remote buffer overflow issue because it fails to perform adequate
checks on user-supplied input. Specifically, this issue occurs when
opening a specially-crafted ".m3u" playlist file. Merak Media Player
version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/33419
______________________________________________________________________

09.5.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: MediaMonkey ".m3u" File Remote Buffer Overflow
Description: MediaMonkey is a multimedia player application available
for Microsoft Windows. MediaMonkey is exposed to a remote buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Specifically, this issue occurs when opening a
specially-crafted ".m3u" playlist file. MediaMonkey version 3.0.6 is
affected.
Ref: http://www.securityfocus.com/archive/1/500381
______________________________________________________________________

09.5.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: WFTPD Pro Multiple Command Remote Denial of Service
Vulnerabilities
Description: WFTPD Pro is an FTP server available for Microsoft
Windows. WFTPD Pro is exposed to multiple remote denial of service
issues because the application fails to handle specially-crafted FTP
commands in a proper manner. WFTPD Pro version 3.30.0.1 is affected.
Ref: http://www.securityfocus.com/bid/33426
______________________________________________________________________

09.5.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nokia Multimedia Player AVI File Null Pointer Dereference
Denial of Service
Description: Nokia Multimedia Player is a media player available for
Microsoft Windows platforms. Nokia Multimedia Player is exposed to a
remote denial of service issue that may cause the application to crash
with a NULL-pointer dereference when loading a specially-crafted AVI
movie file. Nokia Multimedia Player version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/500386
______________________________________________________________________

09.5.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 Technologies Barcode ActiveX Control "Supplement" Heap
Buffer Overflow
Description: MW6 Technologies Barcode ActiveX is an ActiveX control
used for creating device-independent barcodes. Barcode ActiveX is
exposed to a heap-based buffer overflow issue that stems from a
boundary condition in the "Supplement" property of the "Barcode.dll"
ActiveX control.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.5.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: FlexCell Grid Control (ActiveX) Multiple Arbitrary File
Overwrite Vulnerabilities
Description: FlexCell Grid Control (ActiveX) is an application for
working with spreadsheet data. The application is exposed to two
issues that allow attackers to overwrite files with arbitrary,
attacker-supplied content. Specifically, the "SaveFile()" and
"ExportToXML()" methods of the Grid Control ActiveX control will
overwrite files in an insecure manner. FlexCell Grid Control (ActiveX)
version 5.6.9 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.5.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: NCTSoft NCTVideoStudio ActiveX Control "CreateFile()" Heap
Buffer Overflow
Description: NCTSoft NCTVideoStudio is a collection of ActiveX
controls for building multimedia applications. One included control is
"NCTAudioFile2.dll". The ActiveX control is exposed to a heap-based
buffer overflow issue. Specifically, this issue stems from a boundary
condition in the "CreateFile()" function of the "NCTAudioFile2.dll"
ActiveX control. NCTVideoStudio version 1.6 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.5.12 CVE: Not Available
Platform: Linux
Title: Linux Kernel "readlink" Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue because the application fails to perform adequate
boundary checks on user-supplied data. This issue occurs in the
"ecryptfs_printk()" function of the "fs/ecryptfs/inode.c" source file.
Linux kernel versions prior to 2.6.24.1 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1
______________________________________________________________________

09.5.13 CVE: Not Available
Platform: Linux
Title: Linux Kernel "dell_rbu" Local Denial of Service Vulnerabilities
Description: Linux Kernel is exposed to two denial of service issues
because of errors that affect the "read_rbu_image_type()" and
"read_rbu_packet_size()" functions of the
"drivers/firmware/dell_rbu.c" source file. Kernel versions prior to
2.6.27.13 and 2.6.28.2 are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13
______________________________________________________________________

09.5.14 CVE: Not Available
Platform: Solaris
Title: Sun Solaris UltraSPARC T2 And UltraSPARC T2+ Local Denial of
Service
Description: Sun Solaris is a UNIX-based operating system. Solaris
"sun4v" kernel for Sun UltraSPARC T2 and UltraSPARC T2+ systems is
exposed to a local denial of service issue caused by unspecified
errors. OpenSolaris for Sun UltraSPARC T2 and UltraSPARC T2+ systems
are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1
______________________________________________________________________

09.5.15 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Pseudo-terminal Driver (pty(7D)) Local Denial of
Service
Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a local denial of service issue that occurs due to a
race condition error and affects the Solaris pseudo-terminal driver
(pty(7D)) module.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1
______________________________________________________________________

09.5.16 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "in.iked(1M)" IKE Packet Handling Remote Denial of
Service
Description: Sun Solaris "in.iked(1M)" is a daemon that uses the
"libike" library to process Internet Key Exchange (IKE) packets. The
application is exposed to a denial of service issue when handling
specially-crafted IKE packets. Remote attackers can deny service to
legitimate users by crashing the "in.iked(1M)" daemon.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247406-1
______________________________________________________________________

09.5.17 CVE: Not Available
Platform: Solaris
Title: Sun Solaris IPv6 "ipsec_needs_processing_v6()" Remote Denial of
Service
Description: Sun Solaris is prone to a remote denial of service issue.
The issue occurs when the kernel processes specially crafted IPv6
packets in the "ipsec_needs_processing_v6()" function. Solaris 11 is
vulnerable.
Ref: http://www.securityfocus.com/bid/33435
______________________________________________________________________

09.5.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "autofs" Kernel Module Local Code Execution
Description: Sun Solaris is exposed to a local code execution issue
because of an error in the "autofs" kernel module. Attackers can
exploit this issue to cause a denial of service condition. In certain
circumstances, attackers may be able to execute arbitrary code with
the privileges of the "root" user.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249966-1
______________________________________________________________________

09.5.19 CVE: CVE-2009-0057
Platform: Cross Platform
Title: Cisco Unified Communications Manager CAPF Service Denial of
Service
Description: Cisco Unified Communications Manager (CUCM) is a
software-based call-processing component of the Cisco IP telephony
solution. The application was formerly named Unified CallManager. CUCM
is exposed to a denial of service issue when handling malformed input.
This issue occurs in the Certificate Authority Proxy Function (CAPF)
service listening on TCP Port 3804.
Ref:
http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml
______________________________________________________________________

09.5.20 CVE: CVE-2008-3820
Platform: Cross Platform
Title: Cisco Security Manager IPS Event Viewer Remote Unauthorized TCP
Port Access
Description: Cisco Security Manager is a management application used
to configure security services. This issue occurs when IPS Event
Viewer is launched, resulting in open TCP ports on both the Security
Manager server and IPS Event Viewer client. Security Manager versions
3.0 up to 3.2 are affected.
Ref: http://www.securityfocus.com/archive/1/500249
______________________________________________________________________

09.5.21 CVE: Not Available
Platform: Cross Platform
Title: Axis 70U Network Document Server Multiple Input Validation
Vulnerabilities
Description: The Axis 70U Network Document Server is a document server
device which includes a web-based administration interface. The
administration interface is exposed to multiple issues because it
fails to properly sanitize user-supplied input. The Axis 70U Network
Document Server firmware version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/500248
______________________________________________________________________

09.5.22 CVE: Not Available
Platform: Cross Platform
Title: OpenOffice ".doc" File Remote Denial of Service
Description: OpenOffice is a suite of office applications for multiple
operating platforms. OpenOffice is exposed to a remote denial of
service issue when handling a specially-crafted ".doc" file. The
problem occurs when converting Word 97 format files for use in
OpenOffice Word Processor.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1410
______________________________________________________________________

09.5.23 CVE: CVE-2009-0002
Platform: Cross Platform
Title: Apple QuickTime QTVR Movie Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The problem occurs when handling "THKD" atoms in a
malicious QTVR (QuickTime Virtual Reality) movie file. Apple QuickTime
running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac
OS X is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-005/
______________________________________________________________________

09.5.24 CVE: CVE-2009-0001
Platform: Cross Platform
Title: Apple QuickTime RTSP URL Remote Heap Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. Apple QuickTime is exposed to a remote heap-based buffer
overflow issue because the application fails to perform adequate
boundary checks on user-supplied data. This issue occurs when handling
malformed RTSP URLs. Apple QuickTime versions prior to 7.6 are
affected.
Ref: http://www.securityfocus.com/bid/33385
______________________________________________________________________

09.5.25 CVE: CVE-2009-0005
Platform: Cross Platform
Title: Apple QuickTime H.263 Encoded Movie Remote Memory Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption issue
because it fails to perform adequate boundary checks on user-supplied
data. The problem occurs when handling a malicious H.263 Encoded movie
file. Apple QuickTime running on Microsoft Windows Vista, Microsoft
Windows XP SP3, and Mac OS X is affected.
Ref: http://support.apple.com/kb/HT3403
______________________________________________________________________

09.5.26 CVE: CVE-2009-0003
Platform: Cross Platform
Title: Apple QuickTime AVI Movie Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The problem occurs when handling AVI movie files.
Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows
XP SP2, and Mac OS X is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-006/
______________________________________________________________________

09.5.27 CVE: CVE-2009-0006
Platform: Cross Platform
Title: Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The problem occurs when handling a malicious
Cinepak encoded movie file. Apple QuickTime running on Microsoft
Windows Vista, Microsoft Windows XP SP3, and Mac OS X is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-007/
______________________________________________________________________

09.5.28 CVE: CVE-2009-0004
Platform: Cross Platform
Title: Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The problem occurs when handling MPEG-2 video
files with MP3 audio content. Apple QuickTime running on Microsoft
Windows Vista, Microsoft Windows XP SP2 and SP3, and Mac OS X is
affected.
Ref: http://support.apple.com/kb/HT3403
______________________________________________________________________

09.5.29 CVE: Not Available
Platform: Cross Platform
Title: Apple QuickTime "jpeg" Atoms Movie File Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. The problem occurs when handling "jpeg" atoms in a
malicious movie file. Apple QuickTime running on Microsoft Windows
Vista, Microsoft Windows XP SP2 and SP3, and Mac OS X is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-007/
______________________________________________________________________

09.5.30 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Systemcast Wizard Lite TFTP Directory Traversal
Description: Fujitsu Systemcast Wizard Lite is a support application
for Fujitsu PRIMEQUEST servers. The application is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input to unspecified Trivial File Transfer Protocol
(TFTP) requests. Systemcast Wizard Lite versions 2.0A and earlier are
affected.
Ref:
http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html
______________________________________________________________________

09.5.31 CVE: CVE-2009-0008
Platform: Cross Platform
Title: Apple QuickTime MPEG-2 Playback Component Remote Memory
Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The component is exposed to a memory corruption issue
because it fails to perform adequate boundary checks on user-supplied
data. The problem occurs when handling malformed MPEG-2 video files.
Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows
Vista and Microsoft Windows XP SP2 and SP3 is affected.
Ref: http://support.apple.com/kb/HT3381
______________________________________________________________________

09.5.32 CVE: Not Available
Platform: Cross Platform
Title: Sun OpenSolaris "txzonemgr" Insecure Temporary File Handling
Description: The "txzonemgr" script provides an interface for managing
labeled zones for the OpenSolaris operating system. The script handles
temporary files in an insecure manner.
Ref: http://opensolaris.org/os/bug_reports/request_sponsor/
______________________________________________________________________

09.5.33 CVE: CVE-2008-5909
Platform: Cross Platform
Title: Sun OpenSolaris "conv_lpd" Insecure Temporary File Handling
Description: Sun OpenSolaris is a UNIX-based operating system.
OpenSolaris handles temporary files in an insecure manner. This issue
affects "conv_lpd". An attacker with local access could potentially
exploit this issue to perform symbolic-link attacks, overwriting
arbitrary files in the context of the affected application.
Ref: http://opensolaris.org/os/bug_reports/request_sponsor/
______________________________________________________________________

09.5.34 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Application Server Information Disclosure
Description: Sun Java System Application Server is an enterprise
application server. It is available for Solaris, Windows, and Linux
platforms. The application is exposed to a remote information
disclosure issue because it may reveal configuration files in WEB-INF
and META-INF directories to remote unprivileged users.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1
______________________________________________________________________

09.5.35 CVE: Not Available
Platform: Cross Platform
Title: Tor Unspecified Remote Memory Corruption
Description: Tor is an implementation of second-generation Onion
Routing, a connection-oriented anonymizing communication service. The
application is exposed to a heap corruption issue because of
unspecified errors. Tor versions prior to 0.2.0.33 are affected.
Ref: http://archives.seul.org/or/announce/Jan-2009/msg00000.html
______________________________________________________________________

09.5.36 CVE: Not Available
Platform: Cross Platform
Title: FTPShell server ".key" File Buffer Overflow
Description: FTPShell Server is an FTP server application available
for Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to bounds check user-supplied data. This issue
can occur with a specially-crafted ".key" file containing 8000 or more
bytes of data. FTPShell Server version 4.3 is affected.
Ref: http://www.securityfocus.com/bid/33403
______________________________________________________________________

09.5.37 CVE: Not Available
Platform: Cross Platform
Title: GStreamer QuickTime Media File Parsing Multiple Buffer Overflow
Vulnerabilities
Description: GStreamer is a library for constructing graphs of
media-handling components. GStreamer is exposed to multiple buffer
overflow issues because it fails to perform adequate boundary checks
when parsing "stts", "stss", and "ctts" Atoms on user-supplied
QuickTime media files. These issues occur in the
"gst-plugins-good/gst/qtdemux/qtdemux.c" source file. GStreamer
"gst-plugins-good" versions prior to 0.10.12 are affected.
Ref: http://www.securityfocus.com/archive/1/500317
______________________________________________________________________

09.5.38 CVE: Not Available
Platform: Cross Platform
Title: Futomi's CGI Cafe Search CGI Password Reset Security Bypass
Description: Futomi's CGI Cafe Search CGI is a CGI-based application.
The application is exposed to a security bypass issue related to the
password-reset feature. This issue is the result of a failure to
restrict access to the "PasswdChange()" function of the "admin.cgi"
script when the parameter "a" is set to "pass_new". Futomi's CGI Cafe
Search CGI versions up to and including 1.1.2 are affected.
Ref: http://www.securityfocus.com/bid/33409
______________________________________________________________________

09.5.39 CVE: CVE-2008-2955
Platform: Cross Platform
Title: Pidgin "msn_slplink_process_msg()" Denial of Service
Description: Pidgin is a multiplatform instant-messaging client that
supports multiple messaging protocols. Pidgin is exposed to a denial
of service issue because it fails to properly sanitize user-supplied
input. Pidgin version 2.4.1 is affected.
Ref: http://www.securityfocus.com/archive/1/493682
______________________________________________________________________

09.5.40 CVE: Not Available
Platform: Cross Platform
Title: Systrace 64 Bit Aware Linux Kernel Privilege Escalation
Description: Systrace is an application used to provide access control
restrictions on system calls. Systrace is available for Linux, BSD and
Mac OS X. Systrace is exposed to a local privilege escalation issue
when running on a 64-bit aware Linux kernel. Systrace versions prior
to 1.6f are affected.
Ref: http://scary.beasts.org/security/CESA-2009-001.html
______________________________________________________________________

09.5.41 CVE: CVE-2009-0032
Platform: Cross Platform
Title: CUPS "/tmp/pdf.log" Insecure Temporary File Creation
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. CUPS creates temporary
files in an insecure manner. The issue occurs because the application
script creates the "/tmp/pdf.log" file in an insecure manner. CUPS
1.3.9 is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/33418
______________________________________________________________________

09.5.42 CVE: Not Available
Platform: Cross Platform
Title: Gnumeric "PySys_SetArgv" Remote Command Execution
Description: Gnumeric is an open-source spreadsheet application for
the GNOME desktop environment. The application is exposed to a remote
command execution issue because it may include Python files from an
unsafe location. The problem occurs because the application's Python
interface
("gnumeric-N.V.R/plugins/python-loader/gnm-py-interpreter.c") calls
"PySys_SetArgv" with a parameter that doesn't resolve to a filename.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481572
______________________________________________________________________

09.5.43 CVE: Not Available
Platform: Cross Platform
Title: Epiphany "PySys_SetArgv" Remote Command Execution
Description: Epiphany is a web browser available for the GNOME
desktop. The application is exposed to a remote command execution
issue because it may include Python files from an unsafe location. The
problem occurs because the application's Python interface
("epiphany-N.V.R/src/ephy-python.c") calls "PySys_SetArgv" with a
parameter that doesn't resolve to a filename.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363
______________________________________________________________________

09.5.44 CVE: Not Available
Platform: Cross Platform
Title: Nautilus "PySys_SetArgv" Remote Command Execution
Description: Nautilus is a file management application for the GNOME
desktop. The application is exposed to a remote command execution
issue because it may include Python files from an unsafe location. The
problem occurs because the application's Python interface calls
"PySys_SetArgv" with a parameter that doesn't resolve to a filename.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481570
______________________________________________________________________

09.5.45 CVE: Not Available
Platform: Cross Platform
Title: eog "PySys_SetArgv" Remote Command Execution
Description: eog (Eye of GNOME) is an open-source image viewer for the
GNOME desktop environment. The application is exposed to a remote
command execution issue because it may include Python files from an
unsafe location. The problem occurs because the application's Python
interface in the "eog-python-module.c" source file calls
"PySys_SetArgv" with a parameter that doesn't resolve to a filename.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481553
______________________________________________________________________

09.5.46 CVE: Not Available
Platform: Cross Platform
Title: XChat "PySys_SetArgv" Remote Command Execution
Description: XChat is an open-source Internet Relay Chat (IRC) client
available for multiple platforms. The application is exposed to a
remote command execution issue because it may include Python files
from an unsafe location. The problem occurs because the application's
Python module calls "PySys_SetArgv" with a parameter that doesn't
resolve to a filename.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481560
______________________________________________________________________

09.5.47 CVE: Not Available
Platform: Cross Platform
Title: gedit "PySys_SetArgv" Remote Command Execution
Description: gedit is an open-source text editor application for the
GNOME desktop environment. The application is exposed to a remote
command execution issue because it may include Python files from an
unsafe location. The problem occurs because the application's Python
interface calls "PySys_SetArgv()" with a parameter that doesn't resolve
to a filename.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481556
______________________________________________________________________

09.5.48 CVE: Not Available
Platform: Cross Platform
Title: Csound "PySys_SetArgv" Remote Command Execution
Description: Csound is a sound design, music synthesis, and signal
processing application. The application is exposed to a remote command
execution issue because it may include Python files from an unsafe
location. The problem occurs because the application's Python interface
("frontends/CsoundVST/ScoreGeneratorVst.cpp") calls "PySys_SetArgv"
with a parameter that doesn't resolve to a filename.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359
______________________________________________________________________

09.5.49 CVE: Not Available
Platform: Cross Platform
Title: Vim "PySys_SetArgv" Remote Command Execution
Description: Vim is an open-source text editor application. The
application is exposed to a remote command execution issue because it
may include Python files from an unsafe location. The problem occurs
because the application's Python interface calls "PySys_SetArgv" with a
parameter that doesn't resolve to a filename. Vim versions prior to
7.2.045 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937
______________________________________________________________________

09.5.50 CVE: Not Available
Platform: Cross Platform
Title: Dia "PySys_SetArgv" Remote Command Execution
Description: Dia is a GTK+ based diagram creation application
available for Linux, Unix and Windows. The application is exposed to a
remote command execution issue because it may include Python files
from an unsafe location. The problem occurs because the application's
Python interface ("dia-0.96.1.orig/plug-ins/python/python.c") calls
"PySys_SetArgv" with a parameter that doesn't resolve to a filename.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251
______________________________________________________________________

09.5.51 CVE: Not Available
Platform: Cross Platform
Title: Win FTP Server "LIST" FTP Command Remote Buffer Overflow
Description: Win FTP Server is a multithreaded FTP server for the
Microsoft Windows platform. Win FTP Server is exposed to a remote
buffer overflow issue. Specifically, the issue occurs when an overly
large string whose first character is an asterisk is provided to the
"LIST" FTP command. Win FTP Server version 2.3.0 is affected.
Ref: http://www.securityfocus.com/bid/33454
______________________________________________________________________

09.5.52 CVE: CVE-2009-0042
Platform: Cross Platform
Title: Computer Associates Anti-Virus Engine "arclib.dll" Multiple
Scan Evasion Vulnerabilities
Description: Computer Associates Anti-Virus engine is an anti-virus
scan engine included in various Computer Associates products. Computer
Associates Anti-Virus engine is exposed to an issue that may allow
certain compressed archives to bypass the scan engine. Products with
"arclib.dll" prior to version 7.3.0.15 are affected.
Ref: http://www.securityfocus.com/archive/1/500417
______________________________________________________________________

09.5.53 CVE: Not Available
Platform: Cross Platform
Title: winetricks "x_showmenu.txt" Insecure Temporary File Creation
Description: winetricks is a script used to manage runtime libraries
for Wine. The script creates a temporary file in an insecure manner.
An attacker with local access could perform symbolic-link attacks,
overwriting a temporary file in the context of the affected
application. winetricks versions prior to 20081223 are affected.
Ref: http://www.securityfocus.com/bid/33474
______________________________________________________________________

09.5.54 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Malformed URI Remote Denial Of Service
Description: Apple Safari is a web browser available for multiple
operating platforms. The browser is exposed to a denial of service
issue because it fails to adequately sanitize user-supplied input.
This issue occurs when handling malformed HTTP URIs. Apple Safari for
Windows version 3.2.1 is affected.
Ref:
http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html
______________________________________________________________________

09.5.55 CVE: Not Available
Platform: Cross Platform
Title: Zinf Multiple PlayList Files Buffer Overflow
Description: Zinf is a media player application available for Linux
and Microsoft Windows. Zinf is exposed to a buffer overflow issue
because it fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. This issue occurs when handling
specially-crafted ".gqmpeg" or ".m3u" playlist files. Zinf version
2.2.1 is affected.
Ref: http://www.securityfocus.com/bid/33482
______________________________________________________________________

09.5.56 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Access Manager Username Enumeration Weakness
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. The application is exposed
to a username enumeration weakness because of a design error in the
application when verifying user-supplied input.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1
______________________________________________________________________

09.5.57 CVE: Not Available
Platform: Cross Platform
Title: GraphicsMagick Multiple Remote Denial of Service
Vulnerabilities
Description: GraphicsMagick is an image processing application
available for multiple platforms. It was originally derived from
ImageMagick version 5.5.2. The application is exposed to multiple denial of
service issues because of unspecified errors in the components
responsible for processing bitmap (BMP) and device-independent bitmap
(DIB) files. GraphicsMagick versions prior to 1.3.5 are affected.
Ref: http://www.graphicsmagick.org/Changelog.html
______________________________________________________________________

09.5.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BBSXP "error.asp" Cross-Site Scripting
Description: BBSXP is a BBS application. The application is exposed to
a cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. This issue affects the "message" parameter in the
"error.asp" script. BBSXP versions 5.13 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/500336
______________________________________________________________________

09.5.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OBLOG "err.asp" Cross-Site Scripting
Description: OBLOG is a web-log application implemented in ASP. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. This issue affects
the "message" parameter in the "err.asp" script.
Ref: http://www.securityfocus.com/archive/1/500349
______________________________________________________________________

09.5.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MacsDesign Studio Web Help Desk Cross-Site Scripting
Description: Web Help Desk is an online help desk application. It is
implemented as a Java servlet. Web Help Desk is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data. This issue arises when an attacker supplies script
code through "Helpdesk.woa" in a URL. Web Help Desk versions prior to
9.1.18 are affected.
Ref:
http://updates.webhelpdesk.com/weblog/updates/StableReleases/2009/01/23/911812309.html
______________________________________________________________________

09.5.61 CVE: CVE-2008-3358
Platform: Web Application - Cross Site Scripting
Title: SAP NetWeaver and Web Dynpro Portal Cross-Site Scripting
Description: SAP NetWeaver is a platform for enterprise applications;
Web Dynpro is the development environment within SAP NetWeaver. SAP
NetWeaver and Web Dynpro Java are exposed to a cross-site scripting
issue because the software fails to sufficiently sanitize
user-supplied data.
Ref: http://www.securityfocus.com/archive/1/500415
______________________________________________________________________

09.5.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MoinMoin "antispam.py" Cross-Site Scripting
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for Unix and Linux platforms. The
application is exposed to cross-site scripting attacks because it
fails to sufficiently sanitize user-supplied input to the
"security/antispam.py" source file. MoinMoin versions 1.7.3 and 1.8.1
are affected.
Ref: http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad
______________________________________________________________________

09.5.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GameScript "games.php" Cross-Site Scripting
Description: GameScript is a PHP-based gaming content management
system. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input. This
issue affects the "search" parameter in the "games.php" script.
GameScript version 4.6 is affected.
Ref: http://www.securityfocus.com/bid/33487
______________________________________________________________________

09.5.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo SOBI2 Component "bid" Parameter SQL Injection
Description: SOBI2 (Sigsiu Online Business Index 2) is a component for
Joomla! and Mambo that lets users create and manage business catalogs.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "bid" parameter of
the "com_sobi2" component before using it in an SQL query. SOBI2 RC
version 2.8.2 is affected.
Ref: http://www.securityfocus.com/bid/33378
______________________________________________________________________

09.5.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! BazaarBuilder Component "cid" Parameter SQL Injection
Description: BazaarBuilder component is an ecommerce module for the
Joomla! content manager. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33380
______________________________________________________________________

09.5.66 CVE: CVE-2008-2384
Platform: Web Application - SQL Injection
Title: Debian "libapache2-mod-auth-mysql" Package Multibyte Character
Encoding SQL Injection
Description: The "libapache2-mod-auth-mysql" package is an Apache
module for MySQL database authentication. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. This issue
occurs when using multibyte character encoding.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1411
______________________________________________________________________

09.5.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prince Clan Chess Club "com_pcchess" Component "game_id"
Parameter SQL Injection
Description: The "com_pcchess" component is a chess module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "game_id" parameter of the "com_pcchess"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33394
______________________________________________________________________

09.5.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OwnRS "autor.php" SQL Injection
Description: OwnRS is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "autor.php"
script. OwnRS version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/33402
______________________________________________________________________

09.5.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pardal CMS "comentar.php" SQL Injection
Description: Pardal CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"comentar.php" script. Pardal CMS version 0.2.0 is affected.
Ref: http://www.securityfocus.com/bid/33404
______________________________________________________________________

09.5.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Downloads Module
Description: Downloads is a module for the PHP-Nuke content manager.
The component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "url" parameter before
using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/500335
______________________________________________________________________

09.5.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Flaxweb Article Manager "category.php" Parameter SQL Injection
Description: Flaxweb Article Manager is used to manage news sites. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "category.php" script before using it in an SQL query. Flaxweb
Article Manager version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33422
______________________________________________________________________

09.5.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
Description: Ewebb Web-Calendar Lite is a web-based application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "Login" and "Password" fields. Ewebb
Web-Calendar Lite version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33423
______________________________________________________________________

09.5.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KEEP Toolkit "lib/patUser.php" SQL Injection
Description: KEEP Toolkit is used to manage and publish educational
content. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"lib/patUser.php" script before using it in an SQL query. KEEP Toolkit
versions prior to 2.5.1 are affected.
Ref: http://www.securityfocus.com/bid/33425
______________________________________________________________________

09.5.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo "com_sim" Component "character_ID" Parameter SQL
Injection
Description: "com_sim" is a component for the Mambo content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "character_ID"
parameter before using it in an SQL query. "com_sim" component version
0.8 is affected.
Ref: http://www.milw0rm.com/exploits/7860
______________________________________________________________________

09.5.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LDF "login.asp" SQL Injection
Description: LDF is a web-based application implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" parameter of
the "login.asp" script.
Ref: http://www.securityfocus.com/archive/1/500387
______________________________________________________________________

09.5.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Lootan "login.asp" SQL Injection
Description: Lootan is a web-based application implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "login.asp" script.
Ref: http://www.securityfocus.com/bid/33439
______________________________________________________________________

09.5.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ITLPoll "index.php" SQL Injection
Description: ITLPoll is a web-based polling and survey application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "index.php" script. ITLPoll version 2.7 Stable 2 is affected.
Ref: http://www.securityfocus.com/bid/33452
______________________________________________________________________

09.5.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ElearningForce Flash Magazine Deluxe Joomla! Component SQL
Injection
Description: Flash Magazine Deluxe is a content publishing module for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "mag_id" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33455
______________________________________________________________________

09.5.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Groone GLinks "cat" Parameter SQL Injection
Description: Groone GLinks is a PHP-based links manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33460
______________________________________________________________________

09.5.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wazzum Dating Software "userid" Parameter SQL Injection
Description: Wazzum Dating Software is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "userid" parameter of
the "profile_view.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33461
______________________________________________________________________

09.5.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Script Toko Online "cat_id" Parameter SQL Injection
Description: Script Toko Online is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "shop_display_products.php" script before using it in an SQL query.
Script Toko Online version 5.01 is affected.
Ref: http://www.securityfocus.com/bid/33462
______________________________________________________________________

09.5.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ShopSystem eSystem Multiple SQL Injection Vulnerabilities
Description: eSystem is an ASP-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. A successful exploit may allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
Ref: http://www.securityfocus.com/bid/33463
______________________________________________________________________

09.5.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Max.Blog "show_post.php" SQL Injection
Description: Max.Blog is a PHP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"show_post.php" script before using it in an SQL query. Max.Blog version
1.0.6 is affected.
Ref: http://www.securityfocus.com/archive/1/500418
______________________________________________________________________

09.5.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Php Scripts CMS "browsecats.php" SQL Injection
Description: E-Php Scripts CMS is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"browsecats.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33470
______________________________________________________________________

09.5.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Shop-inet "show_cat2.php" SQL Injection
Description: Shop-inet is a PHP-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "grid" parameter of
the "show_cat2.php" script before using it in an SQL query. Shop-inet
version 4 is affected.
Ref: http://www.securityfocus.com/bid/33471
______________________________________________________________________

09.5.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-CMS Project "login.php" SQL Injection
Description: PHP-CMS Project is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "admin/login.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33473
______________________________________________________________________

09.5.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GLPI Prior to 0.71.4 Unspecified SQL Injection
Description: GLPI is an information management application. The
application is exposed to an unspecified SQL injection issue because
it fails to properly sanitize user-supplied input before using it
in an SQL query. GLPI versions prior to 0.71.4 are affected.
Ref:
http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
______________________________________________________________________

09.5.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Max.Blog "submit_post.php" SQL Injection
Description: Max.Blog is a PHP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "draft" parameter of
the "submit_post.php" script before using it in an SQL query. Max.Blog
version 1.0.6 is affected.
Ref: http://www.securityfocus.com/archive/1/500438
______________________________________________________________________

09.5.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Community CMS "index.php" SQL Injection
Description: Community CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query. Community CMS
versions 0.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33484
______________________________________________________________________

09.5.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: GameScript "page.php" SQL Injection
Description: GameScript is a PHP-based gaming content management
system. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "user"
parameter of the "page.php" script before using it in an SQL query.
GameScript version 4.6 is affected.
Ref: http://www.securityfocus.com/bid/33486
______________________________________________________________________

09.5.91 CVE: Not Available
Platform: Web Application
Title: Joomla! "com_beamospetition" Component SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: "com_beamospetition" is a component for the Joomla!
content manager. The application is exposed to multiple input
validation issues. "com_beamospetition" version 1.0.12 is affected.
Ref: http://www.securityfocus.com/archive/1/500250
______________________________________________________________________

09.5.92 CVE: Not Available
Platform: Web Application
Title: ASP Project Management Cookie Authentication Bypass
Description: ASP Project Management is an ASP-based project management
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. ASP Project Management version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/33401
______________________________________________________________________

09.5.93 CVE: Not Available
Platform: Web Application
Title: OpenGoo "upgrade/index.php" Local File Include
Description: OpenGoo is a web-based office suite. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "form_data[script_class]"
parameter of the "upgrade/index.php" script. OpenGoo version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/33421
______________________________________________________________________

09.5.94 CVE: Not Available
Platform: Web Application
Title: MemHT Portal Avatar Upload Arbitrary File Upload
Description: MemHT Portal is a content manager. The application is
exposed to an issue that lets attackers upload arbitrary files. The
problem occurs because the avatar upload component fails to properly
validate contents of an uploaded file. MemHT Portal versions 4.0.1 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/33424
______________________________________________________________________

09.5.95 CVE: Not Available
Platform: Web Application
Title: WB News "config[installdir]" Parameter Multiple Remote File
Include Vulnerabilities
Description: WB News is a web-based news script. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input. WB News version 2.0.1 is
affected.
Ref: http://www.securityfocus.com/bid/33434
______________________________________________________________________

09.5.96 CVE: Not Available
Platform: Web Application
Title: ConPresso CMS 4.07 Multiple Remote Vulnerabilities
Description: ConPresso CMS is a PHP-based content manager. The
application is exposed to multiple remote issues. An attacker may exploit
these issues to execute arbitrary script code within the context of
the affected browser and within the context of another frame, steal
cookie-based authentication credentials, hijack a user's session and
gain unauthorized access to the affected application. ConPresso CMS
version 4.07 is affected.
Ref: http://www.securityfocus.com/archive/1/500379
______________________________________________________________________

09.5.97 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum Package Upload Multiple HTML Injection
Vulnerabilities
Description: Simple Machines Forum (SMF) is an open-source web forum
that is written in PHP. It will run on most Unix and Linux variants as
well as Microsoft Windows. The application is exposed to multiple HTML
injection issues because it fails to properly sanitize user-supplied
input before using it in dynamically generated content. These issues
occur in the "Sources/PackageGet.php" script. Simple Machines Forum
version 1.1.7 is affected.
Ref: http://www.securityfocus.com/bid/33450
______________________________________________________________________

09.5.98 CVE: Not Available
Platform: Web Application
Title: SiteXS CMS "type" Parameter Local File Include
Description: SiteXS CMS is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "type" parameter of
the "post.php" script. SiteXS CMS versions 0.1.1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/33457
______________________________________________________________________

09.5.99 CVE: Not Available
Platform: Web Application
Title: OpenX "MAX_type" Parameter Local File Include
Description: OpenX is a web-based ad server implemented in PHP. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "MAX_type" parameter
of the "www/delivery/fc.php" script. OpenX version 2.6.3 is affected.
Ref: http://secunia.com/secunia_research/2009-4/
______________________________________________________________________

09.5.100 CVE: Not Available
Platform: Web Application
Title: NewsCMSLite Insecure Cookie Authentication Bypass
Description: NewsCMSLite is a web-based content management system
implemented in ASP. The application is exposed to an authentication
bypass issue because it uses a hard-coded value for comparison in
cookie-based authentication.
Ref: http://www.securityfocus.com/archive/1/500407
______________________________________________________________________

09.5.101 CVE: Not Available
Platform: Web Application
Title: OpenX 2.6.3 Multiple Input Validation Vulnerabilities
Description: OpenX is a web-based ad server implemented in PHP. The
application is exposed to multiple input validation issues. OpenX
version 2.6.3 is affected.
Ref: http://secunia.com/secunia_research/2009-4/
______________________________________________________________________

09.5.102 CVE: Not Available
Platform: Web Application
Title: Pixie CMS Multiple Local File Include Vulnerabilities
Description: Pixie CMS is a PHP-based content manager. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input. Pixie CMS version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/33475
______________________________________________________________________

09.5.103 CVE: Not Available
Platform: Web Application
Title: Flaxweb Article Manager Avatar Arbitrary File Upload
Description: Flaxweb Article Manager is a content manager application.
The application is exposed to an issue that lets attackers upload
arbitrary files. The problem occurs because the avatar upload
component fails to properly validate contents of an uploaded file.
Flaxweb Article Manager version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33476
______________________________________________________________________

09.5.104 CVE: Not Available
Platform: Web Application
Title: VirtueMart Prior to 1.1.3 Multiple Security Vulnerabilities
Description: VirtueMart is a web-based shopping application. The
application is exposed to multiple security issues. Attackers can
exploit these issues to compromise the application, access or modify
data, exploit latent vulnerabilities in the underlying database,
execute arbitrary script code in the browser of an unsuspecting user,
steal cookie-based authentication credentials, and execute arbitrary
commands in the context of the webserver process.
Ref: http://www.waraxe.us/advisory-71.html
______________________________________________________________________

09.5.105 CVE: Not Available
Platform: Web Application
Title: Anantasoft Gazelle CMS Local File Include
Description: Gazelle CMS is a web-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "template" parameter.
Ref: http://www.securityfocus.com/bid/33483
______________________________________________________________________

09.5.106 CVE: Not Available
Platform: Web Application
Title: GameScript "page.php" Local File Include
Description: GameScript is a PHP-based gaming content management
system. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"page" parameter of the "page.php" script. GameScript version 4.6 is
affected.
Ref: http://www.securityfocus.com/bid/33488
______________________________________________________________________

09.5.107 CVE: Not Available
Platform: Web Application
Title: Horde Products Local File Include and Cross-Site Scripting
Vulnerabilities
Description: Horde products are exposed to multiple issues because
they fail to properly sanitize user-supplied input. Horde versions
prior to 3.2.4 and 3.3.3 and Horde Groupware versions prior to 1.1.5
are affected.
Ref: http://lists.horde.org/archives/announce/2009/000486.html
______________________________________________________________________

09.5.108 CVE: Not Available
Platform: Web Application
Title: Horde IMP Webmail Client Cross-Site Scripting and HTML
Injection Vulnerabilities
Description: IMP is a set of PHP scripts designed to implement a
web-based IMAP email interface. Horde IMP Webmail Client is exposed to
multiple cross-site scripting and HTML injection issues because it
fails to sufficiently sanitize user-supplied data. IMP versions prior
to 4.2.2 and 4.3.3 are affected.
Ref: http://lists.horde.org/archives/announce/2009/000484.html
______________________________________________________________________

09.5.109 CVE: Not Available
Platform: Network Device
Title: Sony Ericsson Multiple Phone Models WAP Push Remote Denial of
Service
Description: Sony Ericsson provides various mobile phones and other
devices. Multiple Sony Ericsson phones are exposed to a denial of
service issue because they fail to handle specially crafted network
traffic. This issue can occur when the device receives WAP Push
packets via SMS, or via UDP port 2948.
Ref: http://www.securityfocus.com/archive/1/500382
______________________________________________________________________

09.5.110 CVE: Not Available
Platform: Network Device
Title: Siemens SL2-141 ADSL Router Cross-Site Request Forgery
Description: The Siemens SL2-141 ADSL router is a network device
designed for home use. The router is exposed to a cross-site
request forgery issue. Although the device requires that authenticated
requests include a generated token, attackers may enumerate all
possible values for this token.
Ref: http://www.securityfocus.com/bid/33437
______________________________________________________________________