*************************************************************************
	    @RISK: The Consensus Security Vulnerability Alert
January 22, 2009                                          Vol. 8. Week 04
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                      1
Other Microsoft Products                     1
Third Party Windows Apps                    12 (#2, #3)
Linux                                        2
Solaris                                      2
Unix                                         1
Cross Platform                              25 (#1, #4)
Web Application - Cross Site Scripting       4
Web Application - SQL Injection             23
Web Application                             30
Network Device                               7


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(2) HIGH: Symantec AppStream Client ActiveX Control Multiple Vulnerabilities
(3) HIGH: Fujitsu Systemcast Wizard Lite Buffer Overflow
(4) MODERATE: Ralink Multiple Wireless Interfaces Remote Code Execution

*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
09.4.1 - Microsoft Windows Mobile OBEX FTP Service Directory Traversal
 -- Other Microsoft Products
09.4.2 - Microsoft IIS HTTP TRACK Method Information Disclosure
 -- Third Party Windows Apps
09.4.3 - RealVNC 4.1.2 "vncviewer.exe" RFB Protocol Remote Code Execution
09.4.4 - Easy Grid ActiveX Multiple Arbitrary File Overwrite Vulnerabilities
09.4.5 - TFTPUtil GUI TFTP GET Request Directory Traversal
09.4.6 - Symantec AppStream Client "LaunchObj" ActiveX Control Arbitrary File
Download
09.4.7 - TFTPUtil GUI Malformed Packet Remote Denial of Service
09.4.8 - TimeTools NTP Time Server Syslog Monitor Remote Denial of Service
09.4.9 - MetaProducts MetaTreeX ActiveX Control "SaveToBMP()" Arbitrary File
Overwrite
09.4.10  - Excel Viewer OCX ActiveX "open()" Buffer Overflow
09.4.11  - JamDTA ActiveX Control "SaveToFile()" Arbitrary File Overwrite
09.4.12  - SmartVMD ActiveX Control "SaveMaskToFile()" Arbitrary File Overwrite
09.4.13  - SmartVMD ActiveX Control "StartVideoSaving()" Method Arbitrary File
Delete
09.4.14  - easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
 -- Linux
09.4.15  - Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation
09.4.16  - Linux Kernel "keyctl_join_session_keyring()" Denial of Service
 -- Solaris
09.4.17  - Sun OpenSolaris "posix_fallocate(3C)" System Call Local Denial of
Service
09.4.18  - Sun Solaris "lpadmin" and "ppdmgr" Local Denial of Service
 -- Unix
09.4.19  - Red Hat Certificate System Multiple Local Information Disclosure
Vulnerabilities
 -- Cross Platform
09.4.20  - IBM DB2 Remote Denial of Service Vulnerabilities
09.4.21  - Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities
09.4.22  - Sun Java System Access Manager Information Disclosure
09.4.23  - Sun Java System Access Manager "sub-realm" Privilege Escalation
09.4.24  - Cisco IronPort Encryption Appliance and PostX Multiple Remote
Vulnerabilities
09.4.25  - Multiple Browsers JavaScript Engine Cross Domain Information
Disclosure
09.4.26  - NetSurf Multiple Memory Corruption Vulnerabilities
09.4.27  - Sun SPARC Enterprise Server Authentication Bypass
09.4.28  - Multiple Avira AntiVir Products "CreateProcess()" Local Privilege
Escalation
09.4.29  - "nfs-utils" Package for Fedora 9 and 10 TCP Wrappers Security Bypass
09.4.30  - Ganglia gmetad "process_path()" Remote Stack Buffer Overflow
09.4.31  - Git Snapshot Generation and Pickaxe Search Arbitrary Command
Injection
09.4.32  - PDFjam Multiple Unspecified Security Vulnerabilities
09.4.33  - Trend Micro Multiple Products Network Security Component Modules
Multiple Vulnerabilities
09.4.34  - ICEsoft Technologies ICEbrowser Remote Denial of Service
09.4.35  - FFmpeg File Parsing Multiple Buffer Overflow Vulnerabilities
09.4.36  - Syslserve Remote Denial of Service
09.4.37  - Sophos TAO/Remote Management System (RMS) GIOP Message Remote Denial
of Service
09.4.38  - dkim-milter "p" flag Remote Denial of Service
09.4.39  - Fujitsu Systemcast Wizard Lite PXE Request Remote Buffer Overflow
09.4.40  - QNX RTOS Malformed ELF Binary File Local Denial Of Service
09.4.41  - Oracle Application Server Oracle Containers for J2EE Directory
Traversal
09.4.42  - OpenSG "OSGHDRImageFileType.cpp" Radiance RGBE File Stack Buffer
Overflow
09.4.43  - xrdp "xrdp_bitmap_def_proc()" Memory Corruption
09.4.44  - Total Video Player "DefaultSkin.ini" Remote Buffer Overflow
 -- Web Application - Cross Site Scripting
09.4.45  - 53KF Web IM "msg" Parameter Cross-Site Scripting
09.4.46  - Apache Jackrabbit "q" Parameter Multiple Cross-Site Scripting
Vulnerabilities
09.4.47  - MoinMoin "AttachFile.py" Cross-Site Scripting
09.4.48  - Horde XSS Filter Cross-Site Scripting
 -- Web Application - SQL Injection
09.4.49  - Netvolution CMS "default.asp" SQL Injection
09.4.50  - Dark Age CMS "login.php" SQL Injection
09.4.51  - Syzygy CMS "login.php" SQL Injection
09.4.52  - Eventing Component for Joomla! "com_eventing" SQL Injection
09.4.53  - Joomla! RD-Autos Component SQL Injection
09.4.54  - Free Bible Search "readbible.php" SQL Injection
09.4.55  - Blue Eye CMS "clanek" Parameter SQL Injection
09.4.56  - LinksPro "OrderDirection" Parameter SQL Injection
09.4.57  - Masir Camp "SearchKeywords" Parameter SQL Injection
09.4.58  - w3bcms "admin/index.php" SQL Injection
09.4.59  - eFAQ Login SQL Injection
09.4.60  - WarHound Walking Club "login.aspx" Multiple SQL Injection
Vulnerabilities
09.4.61  - WarHound Ping IP "admin.aspx" Multiple SQL Injection Vulnerabilities
09.4.62  - eReservations Login SQL Injection
09.4.63  - ActionCalendar "admin.asp" Multiple SQL Injection Vulnerabilities
09.4.64  - BibCiter Multiple SQL Injection Vulnerabilities
09.4.65  - Joomla! and Mambo gigCalendar Component "id" Parameter SQL Injection
09.4.66  - AV Book Library Multiple SQL Injection Vulnerabilities
09.4.67  - Joomla! and Mambo "com_pccookbook" Component "recipe_id" Parameter
SQL Injection
09.4.68  - Joomla! and Mambo "com_news" Component "id" Parameter SQL Injection
09.4.69  - Joomla! WATicketSystem Component "catid" SQL Injection
09.4.70  - AJ Auction Pro OOPD "id" Parameter SQL Injection
09.4.71  - Goople CMS "password" Parameter SQL Injection
 -- Web Application
09.4.72  - phpList "admin/index.php" Local File Include
09.4.73  - PHP Photo Album "preview" Parameter Local File Include
09.4.74  - DMXReady SDK Arbitrary File Download
09.4.75  - Drupal Notify Module Security Bypass
09.4.76  - Drupal Internationalization Module Security Bypass
09.4.77  - Drupal Security Bypass Vulnerability and SQL Injection Weakness
09.4.78  - AN Guestbook "country" Parameter HTML Injection
09.4.79  - DMXReady Billboard Manager "upload_document.asp" Arbitrary File
Upload
09.4.80  - MKPortal Multiple Security Vulnerabilities
09.4.81  - Red Hat Squirrelmail Package Session Management
09.4.82  - Ninja Blog Comments HTML Injection
09.4.83  - GNUBoard "common.php" Remote File Include
09.4.84  - Active Auction "search" Parameter SQL Injection and Cross-Site
Scripting Vulnerabilities
09.4.85  - DMXReady Blog Manager "inc_weblogmanager.asp" Cross-Site Scripting
and SQL Injection Vulnerabilities
09.4.86  - Active Bids Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
09.4.87  - RankEm "rankup.asp" Cookie Manipulation and Cross-Site Scripting
Vulnerabilities
09.4.88  - BlogIt! "index.asp" SQL Injection and Cross-Site Scripting
Vulnerabilities
09.4.89  - Simple PHP Newsletter "olang" Parameter Multiple Local File Include
Vulnerabilities
09.4.90  - Multiple AJ Classifieds Scripts "index.php" Arbitrary File Upload
09.4.91  - WSS-PRO SCMS "index.php" Local File Include
09.4.92  - FhImage "g_desc" Parameter Remote Command Execution
09.4.93  - Enhanced Simple PHP Gallery Directory Traversal
09.4.94  - WebSVN Known Path Access Restriction Security Bypass
09.4.95  - Ninja Blog "cat" Parameter Directory Traversal
09.4.96  - streber Prior to 0.09 Multiple Unspecified Security Vulnerabilities
09.4.97  - Max.Blog "delete.php" Delete Post Authentication Bypass
09.4.98  - Dodo's Quiz Script "dodosquiz.php" Local File Include
09.4.99  - RoundCube Webmail Background Attributes Email Message HTML Injection
09.4.100 - LinPHA Photo Gallery "lib/lang/language.php" Remote Command Execution
09.4.101 - TYPO3 Multiple Remote Vulnerabilities
 -- Network Device
09.4.102 - Cisco ONS Control Card Remote Denial of Service
09.4.103 - Cisco Unified IP Phone 7960G and 7940G RTP Remote Denial of Service
09.4.104 - Multiple Avira Products RAR Handling Remote Denial Of Service
09.4.105 - WowWee Rovio Access Control Multiple Unauthorized Access
Vulnerabilities
09.4.106 - IBM Hardware Management Console (HMC) Unspecified
09.4.107 - Sagem F@st 2404 Router "restoreinfo.cgi" Unauthorized Access
09.4.108 - Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.6

Description: QuickTime is Apple's streaming media framework for their
Mac OS X and Microsoft's Windows operating systems. It contains multiple
vulnerabilities in its handling of a variety of media files and Real
Time Streaming Protocol (RTSP) URLs. A specially crafted media file or
URL could trigger one of these vulnerabilities. Successfully exploiting
one of these vulnerabilities would allow an attacker to execute
arbitrary code with the privileges of the current user. Note that, by
default, most QuickTime-supported media files are opened upon receipt,
without first prompting the user. QuickTime is installed by default on
all Apple Mac OS systems, and is installed as part of a variety of Apple
products for Microsoft Windows, including iTunes.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-09-007/
http://zerodayinitiative.com/advisories/ZDI-09-006/
http://zerodayinitiative.com/advisories/ZDI-09-005/
Apple Security Advisory
http://support.apple.com/kb/HT3403
Product Home Page
http://www.apple.com/quicktime
SecurityFocus BIDs
http://www.securityfocus.com/bid/33386
http://www.securityfocus.com/bid/33389
http://www.securityfocus.com/bid/33393
http://www.securityfocus.com/bid/33384
http://www.securityfocus.com/bid/33390
http://www.securityfocus.com/bid/33387
http://www.securityfocus.com/bid/33388
http://www.securityfocus.com/bid/33385

***************************************************

(2) HIGH: Symantec AppStream Client ActiveX Control Multiple Vulnerabilities
Affected:
Symantec AppStream Client versions prior to 5.2.2 SP3 MP1

Description: AppStream is a popular enterprise application and data
streaming application from Symantec. Part of its functionality is
provided by an ActiveX control. This control contains multiple
vulnerabilities in its handling of a variety of methods. A specially
crafted web page that instantiated this control could exploit one of
these vulnerabilities to execute arbitrary code with the privileges of
the current user. Some technical details for these vulnerabilities are
publicly available.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"3356DB7C-58A7-11D4-AA5C-006097314BF8". Note that this could affect
normal application functionality.

References:
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/194505
Secunia Security Advisory
http://secunia.com/advisories/33582/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.appstream.com/
SecurityFocus BID
http://www.securityfocus.com/bid/33247

***************************************************

(3) HIGH: Fujitsu Systemcast Wizard Lite Buffer Overflow
Affected:
Fujitsu Systemcast Wizard Lite versions prior to 2.0

Description: Fujitsu Systemcast Wizard Lite is a software setup
component and part of the PRIMEQUEST software suite from Fujitsu. It
contains a buffer overflow vulnerability in its handling of
Pre-Execution Environment (PXE) requests. A specially crafted request
could trigger this buffer overflow. Successfully exploiting this buffer
overflow would allow an attacker to execute arbitrary code with the
privileges of the vulnerable application (often SYSTEM). Full technical
details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Wintercore Security Advisory
http://www.wintercore.com/advisories/advisory_W010109.html
Fujitsu Tools Download Page
http://www.fujitsu.com/global/services/computing/server/primequest/downloads/tools/
SecurityFocus BID
http://www.securityfocus.com/bid/33342

***************************************************

(4) MODERATE: Ralink Multiple Wireless Interfaces Remote Code Execution
Affected:
Ralink multiple wireless network interface devices

Description: Ralink is a popular manufacturer of wireless network
interface devices and chipsets. Several of its drivers, for multiple
platforms, are reported to be vulnerable to integer overflows in their
processing of wireless network data. A specially crafted 802.11 (WiFi)
network frame could trigger one of these vulnerabilities. Successfully
exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with kernel-level privileges. The attacker need
not be a member of the same wireless network as the victim, but merely
needs to be within wireless networking range. Some technical details are
publicly available for this vulnerability. Note that this vulnerability
has not yet been confirmed.

Status: Vendor has not confirmed, no updates available.

References:
Posting by Aviv
http://www.securityfocus.com/archive/1/500168
Vendor Home Page
http://www.ralinktech.com
SecurityFocus BID
http://www.securityfocus.com/bid/33340

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

_____________________________________________________________________

09.4.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Mobile OBEX FTP Service Directory Traversal
Description: OBEX FTP service is a file transfer protocol service
available for mobile devices running Microsoft Windows Mobile. This
service is implemented in the Microsoft Bluetooth stack. Windows
Mobile is exposed to a directory traversal issue in the OBEX FTP
service because the application fails to sufficiently sanitize
user-supplied data to the "-c" command-line parameter. Windows Mobile
versions 5.0 and 6.0 are affected.
Ref: http://www.securityfocus.com/archive/1/500199
______________________________________________________________________

09.4.2 CVE: CVE-2003-1567
Platform: Other Microsoft Products
Title: Microsoft IIS HTTP TRACK Method Information Disclosure
Description: Microsoft Internet Information Service (IIS) is a
webserver available for Microsoft Windows. IIS is exposed to an
information disclosure issue because the undocumented TRACK method
echoes the contents of HTTP requests in its responses to clients. IIS
version 5.0 is vulnerable.
Ref: http://www.kb.cert.org/vuls/id/288308
______________________________________________________________________

09.4.3 CVE: CVE-2008-4770
Platform: Third Party Windows Apps
Title: RealVNC 4.1.2 "vncviewer.exe" RFB Protocol Remote Code
Execution
Description: RealVNC (Virtual Network Computing) allows users to
access remote computers for administration purposes. RealVNC Viewer is
exposed to a remote code execution issue because it fails to properly
validate server-supplied RFB protocol data. RealVNC version 4.1.2 is
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248526-1
______________________________________________________________________

09.4.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Easy Grid ActiveX Multiple Arbitrary File Overwrite
Vulnerabilities
Description: Easy Grid ActiveX is a spreadsheet ActiveX control. Easy
Grid ActiveX control is exposed to multiple issues that allow
attackers to overwrite files with arbitrary, attacker-supplied
content. Easy Grid ActiveX version 3.51 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.4.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: TFTPUtil GUI TFTP GET Request Directory Traversal
Description: TFTPUtil GUI is a TFTP application available for
Microsoft Windows. The application is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input to
TFTP GET requests. TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other
versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/500106
______________________________________________________________________

09.4.6 CVE: CVE-2008-4388
Platform: Third Party Windows Apps
Title: Symantec AppStream Client "LaunchObj" ActiveX Control Arbitrary
File Download
Description: Symantec AppStream Client is an application that allows
users to deploy and manage application licenses. AppStream Client is
exposed to an issue that can allow malicious files to be downloaded
and saved to arbitrary locations on an affected computer. This issue
occurs because the application fails to validate user-supplied data.
Ref: http://www.symantec.com/avcenter/security/Content/2009.01.15.html
______________________________________________________________________

09.4.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: TFTPUtil GUI Malformed Packet Remote Denial of Service
Description: TFTPUtil GUI is a TFTP server application available for
Microsoft Windows. The application is exposed to a remote denial of
service issue that occurs when handling TFTP server requests
containing an excessively large filename. TFTPUtil GUI versions 1.2.0
and 1.3.0 are affected.
Ref: http://www.securityfocus.com/archive/1/500107
______________________________________________________________________

09.4.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: TimeTools NTP Time Server Syslog Monitor Remote Denial of
Service
Description: TimeTools NTP Time Server Syslog Monitor is an
application for Windows platforms for managing syslog entries. The
application is exposed to a remote denial of service issue because it
fails to handle user-supplied input.
Ref: http://www.securityfocus.com/archive/1/500108
______________________________________________________________________

09.4.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: MetaProducts MetaTreeX ActiveX Control "SaveToBMP()" Arbitrary
File Overwrite
Description: MetaTreeX is an ActiveX control for displaying
information in graphs on a web page. The application is exposed to an
issue that allows attackers to overwrite files with arbitrary,
attacker-supplied content. MetaTreeX ActiveX control version 1.5.100
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.4.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Excel Viewer OCX ActiveX "open()" Buffer Overflow
Description: Excel Viewer OCX is an ActiveX control that allows users
to view and interact with Microsoft Excel documents in Win Forms or
webpages. The application is exposed to a buffer overflow issue
because it fails to properly bounds check user-supplied data before
copying it into an insufficiently sized memory buffer. Excel Viewer
OCX versions 3.1 and 3.2 are affected.
Ref: http://www.securityfocus.com/bid/33327
______________________________________________________________________

09.4.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: JamDTA ActiveX Control "SaveToFile()" Arbitrary File Overwrite
Description: JamDTA is an ActiveX control that allows users to create
DTA/DTAUS files that contain information about money transfers. The
application is exposed to an issue that allows attackers to overwrite
files with arbitrary, attacker-supplied content. JamDTA version 4.0.4
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.4.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: SmartVMD ActiveX Control "SaveMaskToFile()" Arbitrary File
Overwrite
Description: SmartVMD ActiveX control is a video motion detection
control. The application is exposed to an issue that allows attackers
to overwrite files with arbitrary, attacker-supplied content. SmartVMD
version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33348
______________________________________________________________________

09.4.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: SmartVMD ActiveX Control "StartVideoSaving()" Method Arbitrary
File Delete
Description: SmartVMD is an application for video motion detection.
The ActiveX control is exposed to an issue that lets attackers delete
arbitrary files on the affected computer. SmartVMD version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/33346
______________________________________________________________________

09.4.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
Description: easyHDR Pro is an image processing application available
for Microsoft Windows. The application is exposed to multiple buffer
overflow issues because it fails to perform adequate boundary checks
on user-supplied data. easyHDR Pro version 1.60.2 is affected.
Ref: http://www.securityfocus.com/archive/1/500192
______________________________________________________________________

09.4.15 CVE: CVE-2009-0029
Platform: Linux
Title: Linux Kernel 64 Bit ABI System Call Parameter Privilege
Escalation
Description: The Linux Kernel is exposed to a local privilege
escalation issue because the software fails to properly validate
userland arguments to 64-bit Application Binary Interface (ABI) system
calls. Linux version 2.6 on some 64-bit architectures, including s390,
PowerPC, SPARC64, and MIPS, is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479969
______________________________________________________________________

09.4.16 CVE: CVE-2009-0031
Platform: Linux
Title: Linux Kernel "keyctl_join_session_keyring()" Denial of Service
Description: The Linux kernel is exposed to a denial of service issue
because it fails to manage memory in a proper manner. This issue
occurs because of a memory leak in the "keyctl_join_session_keyring()"
function of the "security/keys/keyctl.c" source file. Linux kernel
2.6.x versions are affected.
Ref: http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc
______________________________________________________________________

09.4.17 CVE: Not Available
Platform: Solaris
Title: Sun OpenSolaris "posix_fallocate(3C)" System Call Local Denial
of Service
Description: Sun OpenSolaris is a UNIX-based operating system.
OpenSolaris is exposed to a local denial of service issue.
Specifically, an unspecified problem occurs in the
"posix_fallocate(3C)" system call that can allow local users to panic
the system, effectively denying service to legitimate users.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239188-1
______________________________________________________________________

09.4.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "lpadmin" and "ppdmgr" Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a local denial of service issue. Specifically, an
unspecified problem exists in the "lpadmin(1M)" and "ppdmgr(1M)" print
utilities in certain unspecified circumstances.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249306-1
______________________________________________________________________

09.4.19 CVE: CVE-2008-2367, CVE-2008-2368
Platform: Unix
Title: Red Hat Certificate System Multiple Local Information
Disclosure Vulnerabilities
Description: Red Hat Certificate System (RHCS) is an enterprise-level
Public Key Infrastructure (PKI) deployment manager. The application is
exposed to multiple information disclosure issues because of insecure
storage of authentication credentials.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=452000
______________________________________________________________________

09.4.20 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Remote Denial of Service Vulnerabilities
Description: IBM DB2 is a Database Management System. The application
is exposed to multiple remote denial of service issues. Specifically,
the issues occur when processing a malformed "CONNECT" data stream or
other unspecified malformed data streams. IBM DB2 versions prior to 9.1
FP6a and 9.5 FP3a are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21363936
______________________________________________________________________

09.4.21 CVE: CVE-2008-3821
Platform: Cross Platform
Title: Cisco IOS HTTP Server Multiple Cross-Site Scripting
Vulnerabilities
Description: Cisco IOS HTTP Server is a webserver for the Cisco IOS
operating system. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
______________________________________________________________________

09.4.22 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Access Manager Information Disclosure
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. It was formerly called Sun
Java System Identity Server. The application is exposed to a remote
information disclosure issue because the application may reveal
passwords to remote users who have privileges to access the
administration console.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242166-1
______________________________________________________________________

09.4.23 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Access Manager "sub-realm" Privilege Escalation
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. It was formerly called Sun
Java System Identity Server. Sun Java System Access Manager is exposed
to a privilege escalation issue. Successfully exploiting this issue
may result in the complete compromise of affected applications.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249106-1
______________________________________________________________________

09.4.24 CVE: CVE-2009-0053, CVE-2009-0054, CVE-2009-0055,
CVE-2009-0056
Platform: Cross Platform
Title: Cisco IronPort Encryption Appliance and PostX Multiple Remote
Vulnerabilities
Description: Cisco IronPort Encryption Appliance and PostX are email
encryption applications for use with IronPort appliances. The
applications are exposed to multiple issues.
Ref:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
______________________________________________________________________

09.4.25 CVE: Not Available
Platform: Cross Platform
Title: Multiple Browsers JavaScript Engine Cross Domain Information
Disclosure
Description: Multiple web browsers are exposed to a cross-domain
information disclosure issue because the applications fail to properly
enforce the same-origin policy. This issue occurs in an unspecified
JavaScript function, and allows malicious JavaScript from one site to
determine all sites the browser is currently logged into.
Ref: http://www.securityfocus.com/bid/33276
______________________________________________________________________

09.4.26 CVE: Not Available
Platform: Cross Platform
Title: NetSurf Multiple Memory Corruption Vulnerabilities
Description: NetSurf is a web browser for RISC and UNIX-like operating
systems. NetSurf is exposed to multiple memory corruption issues.
Successful exploits allow remote attackers to execute arbitrary code
in the context of the affected application. Failed exploit attempts
will likely crash the application. NetSurf version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/33279
______________________________________________________________________

09.4.27 CVE: Not Available
Platform: Cross Platform
Title: Sun SPARC Enterprise Server Authentication Bypass
Description: Sun SPARC Enterprise Server is part of a new generation
of mid-range data center-class systems. The server is exposed to an
authentication bypass issue due to a default configuration error. This
error undermines the security of the root password.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249126-1
______________________________________________________________________

09.4.28 CVE: Not Available
Platform: Cross Platform
Title: Multiple Avira AntiVir Products "CreateProcess()" Local
Privilege Escalation
Description: Avira develops antivirus products for various operating
systems. The applications are exposed to a local privilege escalation
issue because they insecurely make a "CreateProcess()" function call.
Ref: http://www.securityfocus.com/archive/1/500124
______________________________________________________________________

09.4.29 CVE: Not Available
Platform: Cross Platform
Title: "nfs-utils" Package for Fedora 9 and 10 TCP Wrappers Security
Bypass
Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because it was not properly built with TCP Wrappers
support.
Ref: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-0266
______________________________________________________________________

09.4.30 CVE: Not Available
Platform: Cross Platform
Title: Ganglia gmetad "process_path()" Remote Stack Buffer Overflow
Description: Ganglia is a distributed monitoring system for
high-performance computing systems. The application is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input.
Ref: http://www.mail-archive.com/ganglia-developers@lists.sourceforge.net/msg04929.html
______________________________________________________________________

09.4.31 CVE: CVE-2008-5516
Platform: Cross Platform
Title: Git Snapshot Generation and Pickaxe Search Arbitrary Command
Injection
Description: Git is an open source version control application. The
application is exposed to an issue that lets attackers inject
arbitrary commands. The issue occurs because the application fails to
sufficiently sanitize user-supplied input. The issue occurs in the
snapshot generation and pickaxe search functionality.
Ref: http://www.securityfocus.com/bid/33355
______________________________________________________________________

09.4.32 CVE: Not Available
Platform: Cross Platform
Title: PDFjam Multiple Unspecified Security Vulnerabilities
Description: PDFjam is a collection of scripts that are used to add
new functionality to pdfLaTeX. The application is exposed to multiple
issues due to unspecified errors. PDFjam versions prior to 1.21 are
affected.
Ref:
http://freshmeat.net/projects/pdfjam/?branch_id=50084&release_id=292496
______________________________________________________________________

09.4.33 CVE: CVE-2008-3864, CVE-2008-3865, CVE-2008-3866
Platform: Cross Platform
Title: Trend Micro Multiple Products Network Security Component
Modules Multiple Vulnerabilities
Description: Multiple products from Trend Micro are exposed to
multiple security issues that affect the Network Security Component
modules. Successful exploits may allow attackers to crash the
application, execute arbitrary code with SYSTEM privileges, or bypass
security.
Ref:
http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
______________________________________________________________________

09.4.34 CVE: Not Available
Platform: Cross Platform
Title: ICEsoft Technologies ICEbrowser Remote Denial of Service
Description: ICEsoft Technologies ICEbrowser is a Java development
browser that renders web content in Java enterprise applications.
ICEbrowser is exposed to a remote denial of service issue when
handling specially crafted web pages. The issue arises when a user
visits a site that supplies a large amount of string values to the
application using the JavaScript "decodeURI()" function. ICEsoft
Technologies ICEbrowser version 6.1.2 running on Novell NetWare 6.5 is
affected.
Ref: http://www.securityfocus.com/bid/33307
______________________________________________________________________

09.4.35 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg File Parsing Multiple Buffer Overflow Vulnerabilities
Description: FFmpeg is an application used to record, convert and
stream audio and video. Since it fails to perform adequate checks on
user-supplied input, the application is exposed to multiple
buffer overflow issues. FFmpeg version 0.4.9 is affected.
Ref: http://www.securityfocus.com/bid/33308
______________________________________________________________________

09.4.36 CVE: Not Available
Platform: Cross Platform
Title: Syslserve Remote Denial of Service
Description: Syslserve is an application for managing syslog entries
for distributed environments. The application is exposed to a remote
denial of service issue because it fails to handle user-supplied
input. Syslserve version 1.058 is affected.
Ref:
http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner
______________________________________________________________________

09.4.37 CVE: Not Available
Platform: Cross Platform
Title: Sophos TAO/Remote Management System (RMS) GIOP Message Remote
Denial of Service
Description: Sophos Remote Management System (RMS) is an application
within Anti-Virus. TAO is a third-party Object Request Broker used
within RMS. TAO/RMS is exposed to a remote denial of service issue
because it fails to handle very large or corrupt GIOP messages. Remote
Management System versions prior to 3.0.9 are affected.
Ref:
http://www.sophos.com/support/knowledgebase/article/51420.html?_log_from=rss
______________________________________________________________________

09.4.38 CVE: Not Available
Platform: Cross Platform
Title: dkim-milter "p" flag Remote Denial of Service
Description: dkim-milter is a package that consists of two parts: a
plugin for Sendmail and a library for creating DKIM-compliant
applications. The application is exposed to a remote denial of
service issue. An attacker can exploit the issue by sending messages
that contain a key record with an empty "p" flag value. dkim-milter
versions prior to 2.8.1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=654247
______________________________________________________________________

09.4.39 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Systemcast Wizard Lite PXE Request Remote Buffer
Overflow
Description: Fujitsu Systemcast Wizard Lite is a support application
for Fujitsu PRIMEQUEST servers. Systemcast Wizard Lite is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input. Systemcast Wizard Lite
versions 2.0A and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/500172
______________________________________________________________________

09.4.40 CVE: Not Available
Platform: Cross Platform
Title: QNX RTOS Malformed ELF Binary File Local Denial Of Service
Description: QNX RTOS is a realtime operating system available for
various embedded processors. QNX RTOS is exposed to a local denial of
service issue when handling malformed ELF binary files. QNX RTOS
version 6.4.0 is affected.
Ref: http://www.securityfocus.com/bid/33352
______________________________________________________________________

09.4.41 CVE: Not Available
Platform: Cross Platform
Title: Oracle Application Server Oracle Containers for J2EE Directory
Traversal
Description: Oracle Containers for J2EE is the Java runtime component
of Oracle Application Server. The application is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input. Oracle Application Server 10g version 10.1.3.1.0
is affected.
Ref: http://www.securityfocus.com/archive/1/500201
______________________________________________________________________

09.4.42 CVE: Not Available
Platform: Cross Platform
Title: OpenSG "OSGHDRImageFileType.cpp" Radiance RGBE File Stack
Buffer Overflow
Description: OpenSG is a portable scenegraph system used to create
realtime graphics programs for virtual reality applications. OpenSG is
exposed to a stack-based buffer overflow issue because it fails to
properly bounds check user-supplied data. OpenSG version 1.8.0 is
affected.
Ref: http://secunia.com/secunia_research/2008-60/
______________________________________________________________________

09.4.43 CVE: CVE-2008-5903
Platform: Cross Platform
Title: xrdp "xrdp_bitmap_def_proc()" Memory Corruption
Description: The "xrdp" program is a remote desktop protocol (RDP)
server. The application is exposed to a memory corruption issue
because it fails to perform adequate checks on user-supplied data. xrdp
versions 0.4.1 and earlier are affected.
Ref: http://openwall.com/lists/oss-security/2009/01/12/3
______________________________________________________________________

09.4.44 CVE: Not Available
Platform: Cross Platform
Title: Total Video Player "DefaultSkin.ini" Remote Buffer Overflow
Description: Total Video Player is a media player. The application is
exposed to a remote buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. Total Video Player version 1.31 is affected.
Ref: http://www.securityfocus.com/bid/33373
______________________________________________________________________

09.4.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: 53KF Web IM "msg" Parameter Cross-Site Scripting
Description: 53KF Web IM is an instant messenger application for use
within a browser. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input.
This issue affects the "msg" parameter in the "sendmsg()" function.
Ref: http://www.securityfocus.com/archive/1/500169
______________________________________________________________________

09.4.46 CVE: CVE-2009-0026
Platform: Web Application - Cross Site Scripting
Title: Apache Jackrabbit "q" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: Apache Jackrabbit is an implementation of the Content
Repository for Java Technology API (JCR). The application is exposed
to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied data to the "q" parameter of the
"search.jsp" and "swr.jsp" scripts. Apache Jackrabbit versions prior
to 1.5.2 are affected.
Ref: https://issues.apache.org/jira/browse/JCR-1925
______________________________________________________________________

09.4.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MoinMoin "AttachFile.py" Cross-Site Scripting
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for UNIX and Linux platforms. The
application is exposed to cross-site scripting attacks because it
fails to sufficiently sanitize user-supplied input to the "rename"
parameter in the "action/AttachFile.py" source file. MoinMoin versions
prior to 1.8.1 are vulnerable.
Ref: http://www.securityfocus.com/archive/1/500197
______________________________________________________________________

09.4.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Horde XSS Filter Cross-Site Scripting
Description: Horde is a suite of applications. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input. The issue occurs in the cross-site scripting
filter and only affects Horde running on Internet Explorer. Horde
versions prior to 3.2.3 and 3.3.1 are affected.
Ref: http://lists.horde.org/archives/announce/2008/000472.html
______________________________________________________________________

09.4.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Netvolution CMS "default.asp" SQL Injection
Description: Netvolution is an ASP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "bpe_nid" parameter of
the "default.asp" script. Netvolution CMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33259
______________________________________________________________________

09.4.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dark Age CMS "login.php" SQL Injection
Description: Dark Age CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Login" and "Pass" textboxes of the
"login.php" script when logging in to the affected application. Dark
Age CMS version 0.2c beta is affected.
Ref: http://www.securityfocus.com/bid/33271
______________________________________________________________________

09.4.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Syzygy CMS "login.php" SQL Injection
Description: Syzygy CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Login" and "Pass" textboxes of the
"login.php" script when logging in to the affected application. Syzygy
CMS version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/33274
______________________________________________________________________

09.4.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Eventing Component for Joomla! "com_eventing" SQL Injection
Description: The "com_eventing" component is a plugin for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33296
______________________________________________________________________

09.4.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! RD-Autos Component SQL Injection
Description: The RD-Autos component is a plugin for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_rdautos" component before using it in an SQL
query. RD-Autos version 1.5.2 is affected.
Ref: http://www.securityfocus.com/bid/33297/references
______________________________________________________________________

09.4.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Free Bible Search "readbible.php" SQL Injection
Description: Free Bible Search is a PHP-based application for
searching text contained in the Bible. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "version" parameter of the "readbible.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33301
______________________________________________________________________

09.4.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Blue Eye CMS "clanek" Parameter SQL Injection
Description: Blue Eye CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "clanek" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33303
______________________________________________________________________

09.4.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LinksPro "OrderDirection" Parameter SQL Injection
Description: LinksPro is a web-based application implemented in ASP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "OrderDirection"
parameter of the "default.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33305
______________________________________________________________________

09.4.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Masir Camp "SearchKeywords" Parameter SQL Injection
Description: Masir Camp is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "SearchKeywords"
parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33309
______________________________________________________________________

09.4.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: w3bcms "admin/index.php" SQL Injection
Description: w3bcms is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "action" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/33310
______________________________________________________________________

09.4.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eFAQ Login SQL Injection
Description: eFAQ is an ASP-based frequently asked question (FAQ)
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "username" and
"password" textboxes when logging in to the affected application.
Ref: http://www.securityfocus.com/bid/33316
______________________________________________________________________

09.4.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WarHound Walking Club "login.aspx" Multiple SQL Injection
Vulnerabilities
Description: WarHound Walking Club is a web-based application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "username" and "password" parameters of the
"login.aspx" script.
Ref: http://www.securityfocus.com/bid/33317
______________________________________________________________________

09.4.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WarHound Ping IP "admin.aspx" Multiple SQL Injection
Vulnerabilities
Description: WarHound Ping IP is a tool for maintaining a database of
IP addresses for pinging. It is implemented in ASP. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "username" and
"password" parameters of the "ping/admin.aspx" script.
Ref: http://www.securityfocus.com/bid/33319
______________________________________________________________________

09.4.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eReservations Login SQL Injection
Description: eReservations is a web-based reservation application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "username" and "password" textboxes when logging in to the affected
application.
Ref: http://www.securityfocus.com/bid/33321
______________________________________________________________________

09.4.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActionCalendar "admin.asp" Multiple SQL Injection
Vulnerabilities
Description: ActionCalendar is a web-based application implemented in
ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"user" and "pass" parameters of the "admin.asp" script. ActionCalendar
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/33326
______________________________________________________________________

09.4.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BibCiter Multiple SQL Injection Vulnerabilities
Description: BibCiter is a PHP-based content manager for bibliographic
references. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query. BibCiter version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/33329
______________________________________________________________________

09.4.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo gigCalendar Component "id" Parameter SQL
Injection
Description: gigCalendar is a PHP-based component for the Joomla! and
Mambo content managers. gigCalendar is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_gigcal" component before using it in an
SQL query. gigCalendar version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33332
______________________________________________________________________

09.4.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AV Book Library Multiple SQL Injection Vulnerabilities
Description: AV Book Library is a PHP-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. AV Book Library versions prior to 1.1 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816
______________________________________________________________________

09.4.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_pccookbook" Component "recipe_id"
Parameter SQL Injection
Description: The "com_pccookbook" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "recipe_id" parameter of the
"com_pccookbook" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33346
______________________________________________________________________

09.4.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_news" Component "id" Parameter SQL
Injection
Description: The "com_news" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_news" module before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33350
______________________________________________________________________

09.4.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! WATicketSystem Component "catid" SQL Injection
Description: WATicketSystem is a ticket system component for the
Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the
"com_waticketsystem" script.
Ref: http://www.securityfocus.com/bid/33353
______________________________________________________________________

09.4.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Auction Pro OOPD "id" Parameter SQL Injection
Description: AJ Auction Pro OOPD is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script when the "do" parameter is set to "search" before
using it in an SQL query. AJ Auction Pro OOPD version 2.3 is affected.
Ref: http://www.securityfocus.com/bid/33366
______________________________________________________________________

09.4.71 CVE: CVE-2009-0121
Platform: Web Application - SQL Injection
Title: Goople CMS "password" Parameter SQL Injection
Description: Goople CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" parameter
of the "frontpage.php" script before using it in an SQL query. Goople
CMS version 1.8.2 is affected.
Ref: http://www.securityfocus.com/bid/33370
______________________________________________________________________

09.4.72 CVE: Not Available
Platform: Web Application
Title: phpList "admin/index.php" Local File Include
Description: phpList is a newsletter manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "_SERVER[ConfigFile]" parameter of the
"admin/index.php" script. phpList version 2.10.8 is affected.
Ref: http://www.securityfocus.com/archive/1/500057
______________________________________________________________________

09.4.73 CVE: Not Available
Platform: Web Application
Title: PHP Photo Album "preview" Parameter Local File Include
Description: PHP Photo Album is a web-based photo gallery application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "preview"
parameter of the "index.php" script. PHP Photo Album version 0.8 Beta
is affected.
Ref: http://www.securityfocus.com/bid/33277
______________________________________________________________________

09.4.74 CVE: Not Available
Platform: Web Application
Title: DMXReady SDK Arbitrary File Download
Description: DMXReady SDK is a web-based application implemented in ASP.
The application is exposed to an arbitrary file download issue because
it fails to sufficiently sanitize user-supplied input to the
"filelocation" parameter of the "download_link.asp" script before
returning the requested file. DMXReady SDK versions 1.1 and earlier
are affected.
Ref:
http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12
______________________________________________________________________

09.4.75 CVE: Not Available
Platform: Web Application
Title: Drupal Notify Module Security Bypass
Description: The Drupal Notify module is used to subscribe to email
notifications from web sites. The Drupal Notify module is affected by a
security bypass issue. This issue may allow authenticated users to
gain access to the resources with the privileges of another user.
Drupal versions 5.x prior to 5.x-1.2 are affected.
Ref: http://drupal.org/node/359144
______________________________________________________________________

09.4.76 CVE: Not Available
Platform: Web Application
Title: Drupal Internationalization Module Security Bypass
Description: The Drupal Internationalization module gives sites the
ability to localize content. The module is exposed to a security
bypass issue that may allow attackers to gain access to sensitive
areas of the application without the appropriate privileges. Drupal
Internationalization Module versions prior to 5.x-2.5 are affected.
Ref: http://drupal.org/node/358958
______________________________________________________________________

09.4.77 CVE: Not Available
Platform: Web Application
Title: Drupal Security Bypass Vulnerability and SQL Injection Weakness
Description: Drupal is a PHP-based content manager. Drupal is exposed
to a security bypass issue and a weakness that can be used to perform
SQL injection attacks. The security bypass issue stems from an issue
in the Content Translation module. Drupal versions prior to 5.15 and
6.9 are affected.
Ref: http://drupal.org/node/358957
______________________________________________________________________

09.4.78 CVE: Not Available
Platform: Web Application
Title: AN Guestbook "country" Parameter HTML Injection
Description: AN Guestbook is a guest book application. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. AN Guestbook versions prior to 0.7.7 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=653720
______________________________________________________________________

09.4.79 CVE: Not Available
Platform: Web Application
Title: DMXReady Billboard Manager "upload_document.asp" Arbitrary File
Upload
Description: DMXReady Billboard Manager is a web-based bulletin board
application implemented in ASP. The application is exposed to an issue
that lets attackers upload arbitrary files. The problem occurs because
the "upload_document.asp" script only validates the extension of an
uploaded file, not the contents. DMXReady Billboard Manager version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/33295
______________________________________________________________________

09.4.80 CVE: Not Available
Platform: Web Application
Title: MKPortal Multiple Security Vulnerabilities
Description: MKPortal is a PHP-based content manager. The application
is exposed to multiple security issues. MKPortal version 1.2.1 is
affected.
Ref: http://www.securityfocus.com/bid/33300
______________________________________________________________________

09.4.81 CVE: Not Available
Platform: Web Application
Title: Red Hat Squirrelmail Package Session Management
Description: SquirrelMail is a web-based email client. The Red Hat
"squirrelmail" package is exposed to an authentication bypass issue
because of a session-handling error introduced by patches provided by
Red Hat Security Advisory RHSA-2009:0010.
Ref: http://www.securityfocus.com/bid/33354
______________________________________________________________________

09.4.82 CVE: Not Available
Platform: Web Application
Title: Ninja Blog Comments HTML Injection
Description: Ninja Blog is a PHP-based weblog application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Ninja Blog version 4.8 is affected.
Ref: http://www.securityfocus.com/bid/33356
______________________________________________________________________

09.4.83 CVE: Not Available
Platform: Web Application
Title: GNUBoard "common.php" Remote File Include
Description: GNUBoard is a PHP-based bulletin board application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "g4_path"
parameter of the "common.php" script. GNUBoard version 4.31.03 is
affected.
Ref: http://www.securityfocus.com/bid/33304
______________________________________________________________________

09.4.84 CVE: Not Available
Platform: Web Application
Title: Active Auction "search" Parameter SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Active Auction is a web-based application. The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data. Active Auction
House and Active Auction Pro are affected.
Ref: http://www.securityfocus.com/bid/33306
______________________________________________________________________

09.4.85 CVE: Not Available
Platform: Web Application
Title: DMXReady Blog Manager "inc_weblogmanager.asp" Cross-Site
Scripting and SQL Injection Vulnerabilities
Description: DMXReady Blog Manager is an ASP-based blog application. The
application is exposed to a cross-site scripting issue and an SQL
injection issue because it fails to sufficiently sanitize
user-supplied input to the "ItemID" parameter of the
"inc_webblogmanager.asp" script.
Ref: http://www.securityfocus.com/archive/1/500146
______________________________________________________________________

09.4.86 CVE: Not Available
Platform: Web Application
Title: Active Bids Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Active Bids is a web-based auction script implemented in
ASP. The application is exposed to multiple input validation issues
because it fails to sufficiently sanitize user-supplied input. Active
Bids version 3.5 is affected.
Ref: http://www.securityfocus.com/archive/1/500144
______________________________________________________________________

09.4.87 CVE: Not Available
Platform: Web Application
Title: RankEm "rankup.asp" Cookie Manipulation and Cross-Site
Scripting Vulnerabilities
Description: RankEm is an ASP-based content manager. RankEm is exposed
to a cookie manipulation issue and a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data to the
"siteID" parameter of the "rankup.asp" script.
Ref: http://www.securityfocus.com/bid/33324
______________________________________________________________________

09.4.88 CVE: Not Available
Platform: Web Application
Title: BlogIt! "index.asp" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: BlogIt! is a web-based blog application. The application
is exposed to multiple input validation issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/33325
______________________________________________________________________

09.4.89 CVE: Not Available
Platform: Web Application
Title: Simple PHP Newsletter "olang" Parameter Multiple Local File
Include Vulnerabilities
Description: Simple PHP Newsletter is a mailing list manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "olang"
parameter of the "mail.php" and "mailbar.php" scripts. Simple PHP
Newsletter version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/33327
______________________________________________________________________

09.4.90 CVE: Not Available
Platform: Web Application
Title: Multiple AJ Classifieds Scripts "index.php" Arbitrary File
Upload
Description: AJ Classifieds Personals, Real Estate and For Sale are
PHP-based classifieds applications. The applications are exposed to an
issue that lets attackers upload arbitrary files. The issue occurs
because the application fails to adequately sanitize file extensions
before uploading files via the "index.php" script when the "do"
parameter is set to "postad".
Ref: http://www.securityfocus.com/bid/33328
______________________________________________________________________

09.4.91 CVE: Not Available
Platform: Web Application
Title: WSS-PRO SCMS "index.php" Local File Include
Description: SCMS (Simple Content Management System) is a PHP-based
content manager. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"p" parameter of the "index.php" script. SCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33330
______________________________________________________________________

09.4.92 CVE: Not Available
Platform: Web Application
Title: FhImage "g_desc" Parameter Remote Command Execution
Description: FhImage is a PHP-based image gallery script. FhImage is
exposed to an issue that attackers can leverage to execute arbitrary
commands. This issue occurs because the application fails to
adequately sanitize user-supplied input to the "g_desc" parameter of
the "imgconfig/index.php" script when the "mod" parameter is set to
"write". FhImage version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/33334
______________________________________________________________________

09.4.93 CVE: Not Available
Platform: Web Application
Title: Enhanced Simple PHP Gallery Directory Traversal
Description: Enhanced Simple PHP Gallery is a PHP-based photo gallery
based on Simple PHP Gallery by Paul Griffin. Enhanced Simple PHP
Gallery is exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "file" parameter of
the "comment.php" script. Enhanced Simple PHP Gallery version 1.72 is
affected.
Ref: http://www.securityfocus.com/bid/33335
______________________________________________________________________

09.4.94 CVE: Not Available
Platform: Web Application
Title: WebSVN Known Path Access Restriction Security Bypass
Description: WebSVN is an online SVN repository viewer. The
application is exposed to a security bypass issue because it fails to
properly implement access control mechanisms. WebSVN versions prior to
2.1 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1390
______________________________________________________________________

09.4.95 CVE: Not Available
Platform: Web Application
Title: Ninja Blog "cat" Parameter Directory Traversal
Description: Ninja Blog is a PHP-based content management application.
The application is exposed to a directory traversal issue because it
fails to sufficiently sanitize user-supplied input to the "cat"
parameter of the "index.php" script. Ninja Blog version 4.8 is
affected.
Ref: http://www.push55.co.uk/index.php?s=ad&id=6
______________________________________________________________________

09.4.96 CVE: Not Available
Platform: Web Application
Title: streber Prior to 0.09 Multiple Unspecified Security
Vulnerabilities
Description: streber is a PHP-based project management application.
The application is exposed to multiple remote security issues caused
by unspecified errors. streber versions prior to 0.09 are affected.
Ref: http://www.securityfocus.com/bid/33364
______________________________________________________________________

09.4.97 CVE: Not Available
Platform: Web Application
Title: Max.Blog "delete.php" Delete Post Authentication Bypass
Description: Max.Blog is a web application. Max.Blog is exposed to an
authentication bypass issue because it fails to properly enforce
privilege requirements when deleting blog posts. This issue affects
the "delete.php" script. Max.Blog version 1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/33368
______________________________________________________________________

09.4.98 CVE: Not Available
Platform: Web Application
Title: Dodo's Quiz Script "dodosquiz.php" Local File Include
Description: Dodo's Quiz Script is a web-based application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "n" parameter of the
"dodosquiz.php" script. Dodo's Quiz Script version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/33369
______________________________________________________________________

09.4.99 CVE: CVE-2008-5734
Platform: Web Application
Title: RoundCube Webmail Background Attributes Email Message HTML
Injection
Description: RoundCube Webmail is a web-based IMAP email client. The
application is exposed to an HTML injection issue because the
application fails to properly sanitize user-supplied input before using
it in dynamically generated content. RoundCube Webmail version
0.2-stable is affected.
Ref: http://www.securityfocus.com/bid/33372
______________________________________________________________________

09.4.100 CVE: Not Available
Platform: Web Application
Title: LinPHA Photo Gallery "lib/lang/language.php" Remote Command
Execution
Description: LinPHA Photo Gallery is a PHP-based photo gallery
application. The application is exposed to an issue that attackers can
leverage to execute arbitrary commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input passed to the
"/lib/lang/language.php" script. LinPHA Photo Gallery version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/33375
______________________________________________________________________

09.4.101 CVE: Not Available
Platform: Web Application
Title: TYPO3 Multiple Remote Vulnerabilities
Description: TYPO3 is a web-based content manager. The application is
exposed to multiple issues. TYPO3 versions prior to 4.0.10, 4.1.8 or
4.2.4 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
______________________________________________________________________

09.4.102 CVE: CVE-2008-3818
Platform: Network Device
Title: Cisco ONS Control Card Remote Denial of Service
Description: Cisco ONS is a storage device developed by Cisco. The
device is exposed to a denial of service issue when handling specially
crafted TCP traffic sent to the control cards contained on a node.
This issue will cause packets to be dropped only when transmitting
data through a synchronize channel.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
______________________________________________________________________

09.4.103 CVE: CVE-2008-4444
Platform: Network Device
Title: Cisco Unified IP Phone 7960G and 7940G RTP Remote Denial of
Service
Description: Cisco Unified IP 7960G and 7940G are voice over IP (VoIP)
phones. Cisco Unified IP 7960G and 7940G are exposed to a remote
denial of service issue that resides in phones configured to use SIP.
Ref: http://www.securityfocus.com/archive/1/500059
______________________________________________________________________

09.4.104 CVE: Not Available
Platform: Network Device
Title: Multiple Avira Products RAR Handling Remote Denial of Service
Description: Multiple Avira products are exposed to a remote denial of
service issue. This issue occurs because the applications fail to
handle certain fields in malformed RAR files.
Ref: http://www.securityfocus.com/archive/1/500116
______________________________________________________________________

09.4.105 CVE: Not Available
Platform: Network Device
Title: WowWee Rovio Access Control Multiple Unauthorized Access
Vulnerabilities
Description: WowWee Rovio is a Wi-Fi enabled web camera. The device is
exposed to multiple unauthorized access issues that occur because the
device's firmware fails to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/500056
______________________________________________________________________

09.4.106 CVE: Not Available
Platform: Network Device
Title: IBM Hardware Management Console (HMC) Unspecified
Description: IBM Hardware Management Console (HMC) enables an
administrator to manage the configuration and operation of partitions
in a computer and to monitor the computer for hardware problems. The
application is exposed to an unspecified issue that affects HMC
version 7R3.2.0 Service Pack 1.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521
______________________________________________________________________

09.4.107 CVE: Not Available
Platform: Network Device
Title: Sagem F@st 2404 Router "restoreinfo.cgi" Unauthorized Access
Description: Sagem F@st 2404 is a high-speed wireless router. Sagem
F@st 2404 is exposed to an unauthorized access issue because it fails
to properly restrict access to the "restoreinfo.cgi" script.
Ref: http://www.securityfocus.com/archive/1/500150
______________________________________________________________________

09.4.108 CVE: Not Available
Platform: Network Device
Title: Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer
Overflow
Description: Ralink USB Wireless Adapter (RT73) is a wireless network
adapter. Multiple Ralinktech wireless drivers are exposed to an
integer overflow issue because they fail to ensure that integer values
are not overrun. Ralink USB Wireless Adapter (RT73) version 3.08 is
affected.
Ref: http://www.securityfocus.com/archive/1/500168
______________________________________________________________________