*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
January 15, 2009                                          Vol. 8. Week 03
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Windows                                          5 (#1, #6)
Other Microsoft Products                         3
Third Party Windows Apps                        10 (#2, #4, #5)
Linux                                            3
Solaris                                          1
Cross Platform                                  26 (#3)
Web Application - Cross Site Scripting           9
Web Application - SQL Injection                 25
Web Application                                 20
Network Device                                   6
***********************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Windows SMB Handling Multiple Vulnerabilities (MS09-001)
(2) CRITICAL: RIM BlackBerry Enterprise Server Multiple PDF Parsing
Vulnerabilities
(3) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Jan 2009)
(4) HIGH: Multiple Office OCX ActiveX Controls Multiple Vulnerabilities
(5) HIGH: NullSoft Winamp Audio File Parsing Multiple Buffer Overflows
(6) MODERATE: Microsoft Windows Compiled HTML Help Handling Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
09.3.1 - Microsoft Windows CHM File Processing Buffer Overflow
09.3.2 - Triologic Media Player ".m3u" File Heap Buffer Overflow
09.3.3 - Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow
Vulnerabilities
09.3.4 - Microsoft Windows SMB Buffer Overflow
09.3.5 - Microsoft Windows SMB Remote Code Execution
 -- Other Microsoft Products
09.3.6 - Microsoft Internet Explorer "screen[""]" Remote Denial of Service
09.3.7 - Microsoft HTML Help Workshop ".hhp" File Handling Buffer Overflow
09.3.8 - Office Viewer OCX ActiveX Control "Open()" Method Arbitrary Command
Execution
 -- Third Party Windows Apps
09.3.9 - Multiple Vendor SizerOne ActiveX Control "AddTab" Method Buffer
Overflow
09.3.10  - Perception LiteServe "USER" FTP Command Remote Buffer Overflow
09.3.11  - gen_msn Winamp Plugin ".pls" Playlist File Remote Heap Buffer
Overflow
09.3.12  - MP3 TrackMaker ".mp3" File Remote Heap Buffer Overflow
09.3.13  - VUPlayer ".asx" Playlist File Buffer Overflow
09.3.14  - Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
09.3.15  - Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite
09.3.16  - Multiple Office OCX ActiveX Controls "Save()" Arbitrary File
Overwrite
09.3.17  - Multiple Office OCX ActiveX Controls "OpenWebFile()" Arbitrary
Program Execution
09.3.18  - Ots Labs OtsTurntables OFL File Buffer Overflow
 -- Linux
09.3.19  - Linux Kernel "sys_remap_file_pages()" Local Privilege Escalation
09.3.20  - Linux Kernel "locks_remove_flock()" Local Race Condition
09.3.21  - HP Linux Imaging and Printing System "hplip.postinst" Local Privilege
Escalation
 -- Solaris
09.3.22  - Sun Solaris "aio_suspend()" Integer Overflow Local Denial of Service
 -- Cross Platform
09.3.23  - Symantec Mail Security For SMTP Denial of Service
09.3.24  - HP OpenView Network Node Manager HTTP Request Multiple Buffer
Overflow Vulnerabilities
09.3.25  - OpenSSL "EVP_VerifyFinal" Function Signature Verification
09.3.26  - Multiple Vendor OpenSSL "DSA_verify" Function Signature Verification
09.3.27  - Mozilla Firefox "designMode" Null Pointer Dereference Denial of
Service
09.3.28  - Audacity ".aup" Project File Parsing Buffer Overflow
09.3.29  - Openfire "log.jsp" Directory Traversal
09.3.30  - IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial of
Service
09.3.31  - Gretech GOM Player ".asx" File Remote Stack Buffer Overflow
09.3.32  - Asterisk IAX2 Authentication Response Remote Information Disclosure
09.3.33  - Anope IRC Services "bs_fantasy_ext" Extension IP Address Information
Disclosure
09.3.34  - IntelliTamper ".CAT" Catalog File Buffer Overflow
09.3.35  - Serv-U Remote Denial of Service Vulnerabilities
09.3.36  - Python "expandtabs" Multiple Integer Overflow Vulnerabilities
09.3.37  - Browse3D ".sfs" File Handling Buffer Overflow
09.3.38  - mlmmj Unspecified
09.3.39  - Amarok "audible.cpp" Audible File Multiple Integer Overflow and
Memory Allocation Vulnerabilities
09.3.40  - BluePex IE-2000 IP-Based Session Hijacking
09.3.41  - PHP "popen()" Function Buffer Overflow
09.3.42  - BlackBerry Attachment Service PDF Distiller Remote Code Execution
09.3.43  - DevIL "RGBE" File Parsing Multiple Buffer Overflow Vulnerabilities
09.3.44  - Apple Safari RSS Feed Information Disclosure
09.3.45  - libmikmod Multiple Sound Channel Media Playback Remote Denial of
Service
09.3.46  - dBpowerAMP Audio Player ".pls" File Buffer Overflow
09.3.47  - libmikmod ".XM" File Remote Denial of Service
09.3.48  - TeamSpeak "help" Command Directory Traversal
 -- Web Application - Cross Site Scripting
09.3.49  - MyNETS 1.2.0.1 and prior Unspecified Cross-Site Scripting
09.3.50  - Movable Type Prior to Version 4.23 Unspecified Cross-Site Scripting
09.3.51  - Openfire "logviewer.jsp" Cross-Site Scripting
09.3.52  - Openfire "group-summary.jsp" Cross-Site Scripting
09.3.53  - Openfire "user-properties.jsp" Cross-Site Scripting
09.3.54  - Openfire "audit-policy.jsp" Multiple Cross-Site Scripting
Vulnerabilities
09.3.55  - Openfire "log.jsp" Cross-Site Scripting
09.3.56  - MODx Prior to 0.9.6.3 Multiple Cross Site Scripting Vulnerabilities
09.3.57  - Ovidentia "index.php" Multiple Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
09.3.58  - PHP-Fusion E-Cart Module "CA" Parameter SQL Injection
09.3.59  - Members CV (job) Module for PHP-Fusion "members.php" SQL Injection
09.3.60  - PHP-Fusion VArcade Module "callcomments.php" SQL Injection
09.3.61  - PizzisCMS "visualizza.php" SQL Injection
09.3.62  - MODx "searchid" Parameter SQL Injection
09.3.63  - Fast FAQs System "admin/authorize.php" SQL Injection
09.3.64  - SocialEngine "browse_classifieds.php" SQL Injection
09.3.65  - PHP-Fusion Kroax Module "callcomments.php" SQL Injection
09.3.66  - phpMDJ "animateurs.php" SQL Injection
09.3.67  - Weight Loss Recipe Book Multiple SQL Injection Vulnerabilities
09.3.68  - DeZine Dz cms "products.php" SQL Injection
09.3.69  - BKWorks ProPHP SQL Injection
09.3.70  - tadbook2 Module for XOOPS "open_book.php" SQL Injection
09.3.71  - Fast Guest Book Login SQL Injection
09.3.72  - Joomla! "com_newsflash" Component "id" Parameter SQL Injection
09.3.73  - Joomla! "com_jashowcase" Component "catid" Parameter SQL Injection
09.3.74  - Joomla! "com_xevidmegahd" Component "catid" Parameter SQL Injection
09.3.75  - Visuplay CMS Multiple SQL Injection Vulnerabilities
09.3.76  - Joomla! Portfol Component "vcatid" Parameter SQL Injection
09.3.77  - WordPress Plugin WP-Forum "forum_feed.php" SQL Injection
09.3.78  - Joomla! and Mambo gigCalendar Component SQL Injection
09.3.79  - Joomla! "com_fantasytournament" Component Multiple SQL Injection
Vulnerabilities
09.3.80  - Joomla! "com_camelcitydb2" Component SQL Injection
09.3.81  - DMXReady Multiple Products "upload_image_category.asp" SQL Injection
09.3.82  - DMXReady Members Area Manager "upload_image_security_level.asp" SQL
Injection
 -- Web Application
09.3.83  - Plunet BusinessManager ACL Security Bypass and HTML Injection
Vulnerabilities
09.3.84  - Drupal Project Release Module Multiple Remote Vulnerabilities
09.3.85  - Drupal Project issue tracking Security Bypass and Cross Site
Scripting Vulnerabilities
09.3.86  - QuoteBook Information Disclosure, SQL Injection and HTML Injection
Vulnerabilities
09.3.87  - CuteNews "add_ip" Parameter PHP Code Injection
09.3.88  - Openfire "server-properties.jsp" HTML Injection
09.3.89  - Openfire "muc-room-edit-form.jsp" HTML Injection
09.3.90  - XOOPS "mydirname" Parameter Multiple PHP Code Injection
Vulnerabilities
09.3.91  - Silentum Uploader Arbitrary File Deletion
09.3.92  - A Free Text-To-Speech System "TFLivre.php" Remote Command Execution
09.3.93  - Photobase "header.php" Local File Include
09.3.94  - Interspire Shopping Cart Cookie Authentication Bypass
09.3.95  - Git gitweb Unspecified Remote Command Execution
09.3.96  - Comersus Cart User Email and User Password Unauthorized Access
09.3.97  - Simple Machine Forum Password Reset Security Bypass
09.3.98  - PWP Wiki Processor "run.php" Arbitrary File Upload
09.3.99  - REALTOR 747 "include/define.php" Remote File Include
09.3.100 - RackTables Blank Password Authentication Bypass
09.3.101 - Hspell GUI "cilla.cgi" Remote Command Execution
09.3.102 - DMXReady Blog Manager Arbitrary File Deletion
 -- Network Device
09.3.103 - Cisco Global Site Selector DNS Server Remote Denial of Service
09.3.104 - Multiple CA Service Management Products Unspecified Remote Command
Execution
09.3.105 - NetGear WG102 SNMP Write Community String Information Disclosure
09.3.106 - Atheria SV-SIP1042 Administrator Authentication Credentials
Information Disclosure
09.3.107 - BlackBerry Attachment Service PDF Distiller "bitmaps" Remote Buffer
Overflow
09.3.108 - BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory
Code Execution

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Windows SMB Handling Multiple Vulnerabilities (MS09-001)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 2008

Description: SMB is the Server Message Block protocol. It is the
standard protocol for resource, file, and printer sharing in Microsoft
Windows installations. Windows contains a flaw in its handling of a
variety of SMB messages. A specially crafted message could trigger one
of these vulnerabilities, allowing an attacker to execute arbitrary code
with kernel-level privileges. It is believed that the remote code
execution conditions are difficult to achieve, but are theoretically
possible. Some technical details are publicly available for these
vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-09-001/
http://zerodayinitiative.com/advisories/ZDI-09-002/
Wikipedia Article on SMB
http://en.wikipedia.org/wiki/Server_Message_Block
SecurityFocus BIDs
http://www.securityfocus.com/bid/33121
http://www.securityfocus.com/bid/33122

******************************************************

(2) CRITICAL: RIM BlackBerry Enterprise Server Multiple PDF Parsing
Vulnerabilities
Affected:
RIM BlackBerry Enterprise Server versions 4.1.6 and prior

Description: The RIM BlackBerry Enterprise Server is the server
application that formats and manages messages to RIM BlackBerry handheld
systems. Part of its functionality includes parsing of file attachments
and formatting them for better viewing on handheld devices. The
Enterprise Server contains multiple vulnerabilities in its handling of
PDF attachments. A specially crafted PDF could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable process (usually SYSTEM). Some user
interaction is required to exploit this vulnerability in that a user
must explicitly view the malicious attachment on a BlackBerry device.
Technical details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
BlackBerry Security Advisories
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=765
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
Vendor Home Page
http://www.blackberry.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/33248
http://www.securityfocus.com/bid/33250
http://www.securityfocus.com/bid/33224

******************************************************

(3) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Jan 2009)
Affected:
Oracle TimesTen versions 7.0.5.4.0 and prior
Oracle Secure Backup versions 10.2.0.3 and prior
Oracle Database versions 11g and prior
Oracle E-Business Suite versions 12 and prior
Oracle Enterprise Manager Grid Control versions 10g and prior

Description: Oracle has released its Critical Patch Update for January
of 2009. Multiple products contain various vulnerabilities, with some
products suffering from remote, unauthenticated command or code
execution vulnerabilities. Proofs-of-concept are publicly available for
the vulnerabilities present in Oracle TimesTen and Oracle Secure Backup.
Technical details are publicly available for other vulnerabilities.

Status: Vendor confirmed, updates available.
 
References:
Oracle Critical Patch Update
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-09-003/
http://www.zerodayinitiative.com/advisories/ZDI-09-004/
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769
Vendor Home Page
http://www.oracle.com
SecurityFocus BID
http://www.securityfocus.com/bid/33177

******************************************************

(4) HIGH: Multiple Office OCX ActiveX Controls Multiple Vulnerabilities
Affected:
Office Viewer ActiveX Controls (OCX)

Description: The Office Viewer ActiveX Controls (OCX) are a collection
of ActiveX controls that allow users to edit and view Microsoft Office
files from within a web browser. These controls contain multiple
vulnerabilities in their handling of a variety of method calls. A
specially crafted web page that instantiated one of these controls could
trigger one of these vulnerabilities, allowing an attacker to execute
arbitrary code with the privileges of the current user. Multiple
proofs-of-concept are publicly available for these vulnerabilities.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of these vulnerabilities by disabling the affected
controls via Microsoft's "kill bit" mechanism. Note that this will
affect normal application functionality.

References:
Proofs-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/33245.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33222.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-excel.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.officeocx.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/33245
http://www.securityfocus.com/bid/33222
http://www.securityfocus.com/bid/33238
http://www.securityfocus.com/bid/33243

******************************************************

(5) HIGH: NullSoft Winamp Audio File Parsing Multiple Buffer Overflows
Affected:
NullSoft Winamp versions 5.3.2 and prior

Description: NullSoft Winamp is a popular media player for Microsoft
Windows. It contains flaws in its parsing of MP3 and Audio Interchange
File Format (AIFF) files. A specially crafted MP3 or AIFF file could
trigger one of these flaws, leading to a buffer overflow condition.
Successfully exploiting one of these buffer overflows would allow an
attacker to execute arbitrary code with the privileges of the current
user. Depending upon configuration, a malicious file may be opened upon
receipt by the vulnerable application. A proof-of-concept for these
vulnerabilities is publicly available.

Status: Vendor has not confirmed, no updates available.

References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/33226.pl
Wikipedia Article on AIFF
http://en.wikipedia.org/wiki/Audio_Interchange_File_Format
Wikipedia Article on MP3
http://en.wikipedia.org/wiki/MP3
Product Home Page
http://www.winamp.com
SecurityFocus BID
http://www.securityfocus.com/bid/33226

******************************************************

(6) MODERATE: Microsoft Windows Compiled HTML Help Handling Buffer Overflow
Affected:
Microsoft Windows XP SP3

Description: Compiled HTML (CHM) is a document format used most commonly
for help files on Microsoft Windows. Microsoft Windows XP SP3 contains
a flaw in its parsing of these files. A specially crafted CHM file could
trigger a buffer overflow, allowing an attacker to execute arbitrary
code with the privileges of the current user. Depending upon
configuration, the malicious file may be opened by the vulnerable
application upon receipt. A proof-of-concept is publicly available for
this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/33204.pl
Wikipedia Article on Compiled HTML
http://en.wikipedia.org/wiki/Microsoft_Compiled_HTML_Help
SecurityFocus BID
http://www.securityfocus.com/bid/33204

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

09.3.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows CHM File Processing Buffer Overflow
Description: CHM files are compiled HTML files used on the Microsoft
Windows platform. Windows is exposed to a buffer overflow issue
that occurs when processing CHM files. Microsoft Windows XP
Service Pack 3 is affected.
Ref: http://www.securityfocus.com/bid/33204
______________________________________________________________________

09.3.2 CVE: Not Available
Platform: Windows
Title: Triologic Media Player ".m3u" File Heap Buffer Overflow
Description: Triologic Media Player is a media player application for
Microsoft Windows. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application fails to
handle malformed ".m3u" files. Triologic Media Player version 7 is
affected.
Ref: http://www.securityfocus.com/bid/33219
______________________________________________________________________

09.3.3 CVE: Not Available
Platform: Windows
Title: Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow
Vulnerabilities
Description: Winamp is a multi-format media player application for
Microsoft Windows platforms. The application is exposed to multiple
buffer overflow issues because it fails to perform adequate checks on
user-supplied input. Winamp versions up to and including 5.541 are
affected.
Ref: http://www.securityfocus.com/bid/33226
______________________________________________________________________

09.3.4 CVE: CVE-2008-4834
Platform: Windows
Title: Microsoft Windows SMB Buffer Overflow
Description: Microsoft Windows is exposed to a buffer overflow issue
that occurs in the SMB (Server Message Block) protocol implementation.
This issue occurs because the server service fails to perform adequate
boundary checks on user-supplied data.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx
______________________________________________________________________

09.3.5 CVE: CVE-2008-4835
Platform: Windows
Title: Microsoft Windows SMB Remote Code Execution
Description: Microsoft Windows is exposed to a remote code execution
vulnerability in the SMB (Server Message Block) protocol
implementation. This issue occurs because the server service fails to
perform adequate boundary checks on user-supplied data.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx
______________________________________________________________________

09.3.6 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer "screen[""]" Remote Denial of
Service
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. Internet Explorer is exposed to a remote denial
of service issue when handling specially crafted web pages. The issue
stems from a NULL pointer access error when handling the "screen"
object. Microsoft Internet Explorer versions 6, 7 and 8 Beta are
affected.
Ref:
http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/
______________________________________________________________________

09.3.7 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft HTML Help Workshop ".hhp" File Handling Buffer
Overflow
Description: Microsoft HTML Help Workshop is part of Microsoft Office
Resource Kit and is used to create help topics that may be integrated
with the Office Help system. Microsoft HTML Help Workshop is exposed
to a remote buffer overflow issue that arises because the application
fails to perform boundary checks before copying user-supplied data
into sensitive process buffers. HTML Help Workshop versions 4.74 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/33189
______________________________________________________________________

09.3.8 CVE: Not Available
Platform: Other Microsoft Products
Title: Office Viewer OCX ActiveX Control "Open()" Method Arbitrary
Command Execution
Description: Office OCX Office Viewer is an ActiveX control that
allows users to view and edit Microsoft Office documents through a web
browser. The Office Viewer OCX ActiveX control is exposed to an issue
that lets attackers execute arbitrary commands. Office Viewer OCX
version 3.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.3.9 CVE: CVE-2008-4827
Platform: Third Party Windows Apps
Title: Multiple Vendor SizerOne ActiveX Control "AddTab" Method Buffer
Overflow
Description: SizerOne is an ActiveX control used in products by
multiple vendors. The application is exposed to a buffer overflow
issue because it fails to properly bounds check user-supplied data
before copying it into an insufficiently sized memory buffer.
Ref: http://secunia.com/secunia_research/2008-53/
______________________________________________________________________

09.3.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Perception LiteServe "USER" FTP Command Remote Buffer Overflow
Description: Perception LiteServe is a server application for
Microsoft Windows. LiteServe is able to act as an FTP server.
LiteServe is exposed to a remote buffer overflow issue that occurs in
the handling of the "USER" FTP command. LiteServe version 2.81 is
affected.
Ref: http://www.securityfocus.com/bid/33158
______________________________________________________________________

09.3.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: gen_msn Winamp Plugin ".pls" Playlist File Remote Heap Buffer
Overflow
Description: gen_msn Winamp Plugin is used to display currently
playing songs in the personal status message of Windows Live
Messenger. The application is exposed to a remote heap-based buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. gen_msn version 0.31 is affected.
Ref: http://www.securityfocus.com/bid/33159
______________________________________________________________________

09.3.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: MP3 TrackMaker ".mp3" File Remote Heap Buffer Overflow
Description: Heathco Software MP3 TrackMaker is an audio editing
application for Microsoft Windows. The application is exposed to a
remote heap-based buffer overflow issue because it fails to perform
adequate checks on user-supplied input. TrackMaker version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/33183
______________________________________________________________________

09.3.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: VUPlayer ".asx" Playlist File Buffer Overflow
Description: VUPlayer is a media player for Microsoft Windows.
VUPlayer is exposed to a buffer overflow issue because it fails to
perform adequate checks on user-supplied input. VUPlayer version 2.49
is affected.
Ref: http://www.securityfocus.com/bid/33185
______________________________________________________________________

09.3.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: Excel Viewer OCX ActiveX Control Multiple Remote
Vulnerabilities
Description: Excel Viewer OCX is an ActiveX control that allows users
to view and interact with Microsoft Excel documents in Win Forms or
webpages. Excel Viewer OCX ActiveX control is exposed to multiple
remote issues. Excel Viewer OCX version 3.2 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.3.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite
Description: Ciansoft PDFBuilderX Control (ActiveX) is an application
for creating PDF documents. The application is exposed to an issue
that allows attackers to overwrite files with arbitrary,
attacker-supplied content. Ciansoft PDFBuilderX Control (ActiveX)
version 2.2.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.3.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple Office OCX ActiveX Controls "Save()" Arbitrary File
Overwrite
Description: Word Viewer, PowerPoint Viewer and Office Viewer are
ActiveX controls that allow users to view and edit Microsoft Word
documents through a web browser. The controls are exposed to an issue
that allows attackers to overwrite arbitrary attacker-specified files.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.3.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple Office OCX ActiveX Controls "OpenWebFile()" Arbitrary
Program Execution
Description: Microsoft Word Viewer, PowerPoint Viewer, and Office
Viewer are ActiveX controls that allow users to view and edit Office
documents through a web browser. The controls are exposed to an issue
that allows attackers to execute arbitrary remote attacker-specified
files.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

09.3.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ots Labs OtsTurntables OFL File Buffer Overflow
Description: Ots Labs OtsTurntables is an MP3 mixer available for
Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to properly bounds check user-supplied input.
OtsTurntables version 1.00.027 is affected.
Ref: http://www.securityfocus.com/bid/33257
______________________________________________________________________

09.3.19 CVE: CVE-2009-0024
Platform: Linux
Title: Linux Kernel "sys_remap_file_pages()" Local Privilege
Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue. This issue is due to an unspecified error in the
"sys_remap_file_pages()" function. Linux kernel versions prior to
2.6.24.1 are affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
______________________________________________________________________

09.3.20 CVE: CVE-2008-4307
Platform: Linux
Title: Linux Kernel "locks_remove_flock()" Local Race Condition
Description: The Linux kernel is exposed to a local race condition
issue because it fails to properly handle POSIX locks. The
vulnerability occurs in the "locks_remove_flock()" function of the
"/fs/locks.c" source file. A local attacker may exploit this issue to
crash the computer or to gain elevated privileges on the affected
computer.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4307
______________________________________________________________________

09.3.21 CVE: Not Available
Platform: Linux
Title: HP Linux Imaging and Printing System "hplip.postinst" Local
Privilege Escalation
Description: HP Linux Imaging and Printing System (HPLIP) is a
Linux-based application to print, scan, and fax with HP inkjet and
laser printers. The application is exposed to a local privilege
escalation issue because an installation script changes ownership and
permissions on certain files in users' home directories.
Ref: http://www.securityfocus.com/bid/33249
______________________________________________________________________

09.3.22 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "aio_suspend()" Integer Overflow Local Denial of
Service
Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a local denial of service issue. It is the result of an
integer overflow in the "aio_suspend()" function.
Ref: http://www.trapkit.de/advisories/TKADV2009-001.txt
______________________________________________________________________

09.3.23 CVE: Not Available
Platform: Cross Platform
Title: Symantec Mail Security For SMTP Denial of Service
Description: Symantec Mail Security for SMTP is an email-scanning
security application for multiple operating platforms. The application
is exposed to a remote denial of service issue. Symantec Mail Security
for SMTP version 5.0.1 with Patch 189 is affected.
Ref: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0.1_smtp/updates/RELEASE_NOTES.p200.txt
______________________________________________________________________

09.3.24 CVE: CVE-2008-0067
Platform: Cross Platform
Title: HP OpenView Network Node Manager HTTP Request Multiple Buffer
Overflow Vulnerabilities
Description: HP OpenView Network Node Manager is a fault-management
application for IP networks. The application is exposed to multiple
buffer overflow issues because it fails to adequately bounds check
user-supplied input before copying it to insufficiently sized buffers.
HP OpenView Network Node Manager version 7.51 with NNM_01168 is
affected.
Ref: http://secunia.com/secunia_research/2008-13/
______________________________________________________________________

09.3.25 CVE: CVE-2008-5077, CVE-2009-0046, CVE-2009-0047,
CVE-2009-0048, CVE-2009-0049, CVE-2009-0021
Platform: Cross Platform
Title: OpenSSL "EVP_VerifyFinal" Function Signature Verification
Description: OpenSSL is an open-source cryptography library. OpenSSL
is exposed to a signature verification issue that arises because of a
design error as several functions do not properly verify the result of
the "EVP_VerifyFinal" function call. OpenSSL release versions prior to
0.9.8j are affected.
Ref: http://www.securityfocus.com/archive/1/499855
______________________________________________________________________

09.3.26 CVE: CVE-2009-0025, CVE-2009-0050, CVE-2009-0051
Platform: Cross Platform
Title: Multiple Vendor OpenSSL "DSA_verify" Function Signature
Verification
Description: Products by multiple vendors using OpenSSL are exposed to
a signature verification issue that arises because of a design error
as the applications fail to verify the result of the OpenSSL
"DSA_verify" function call.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521
______________________________________________________________________

09.3.27 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox "designMode" Null Pointer Dereference Denial of
Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue.
Specifically, this issue arises when the "document.designMode"
property is set to "on". Firefox version 3.0.5 is affected.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=456727
______________________________________________________________________

09.3.28 CVE: Not Available
Platform: Cross Platform
Title: Audacity ".aup" Project File Parsing Buffer Overflow
Description: Audacity is an audio-editing application available for
multiple platforms. Audacity is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. This issue occurs when the application parses a specially
crafted ".aup" project file. Audacity version 1.6.2 is affected.
Ref: http://www.securityfocus.com/bid/33160
______________________________________________________________________

09.3.29 CVE: Not Available
Platform: Cross Platform
Title: Openfire "log.jsp" Directory Traversal
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input to the "log" parameter of the "log.jsp" script.
Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.30 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial
of Service
Description: IBM WebSphere DataPower XML Security Gateway XS40 is a
device for securing web services. The device is exposed to a remote
denial of service issue because it fails to handle user-supplied data.
WebSphere DataPower XML Security Gateway XS40 with firmware version
3.6.1.5 is affected.
Ref: http://www-01.ibm.com/software/integration/datapower/xs40/
______________________________________________________________________

09.3.31 CVE: CVE-2007-0707
Platform: Cross Platform
Title: Gretech GOM Player ".asx" File Remote Stack Buffer Overflow
Description: Gretech GOM Player is a multimedia player application.
GOM Player is exposed to a remote stack-based buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
GOM Player version 2.0.12.3375 is affected.
Ref: http://www.securityfocus.com/bid/33172
______________________________________________________________________

09.3.32 CVE: CVE-2009-0041
Platform: Cross Platform
Title: Asterisk IAX2 Authentication Response Remote Information
Disclosure
Description: Asterisk is an open-source PBX application available for
multiple operating platforms. Asterisk is exposed to an information
disclosure issue because it does not provide safe responses to failed
authentication attempts.
Ref: http://downloads.digium.com/pub/security/AST-2009-001.html
______________________________________________________________________

09.3.33 CVE: Not Available
Platform: Cross Platform
Title: Anope IRC Services "bs_fantasy_ext" Extension IP Address
Information Disclosure
Description: The "bs_fantasy_ext" extension for Anope IRC Services
provides a variety of commands used for Internet Relay Chat (IRC)
administration. The application is exposed to an information
disclosure issue related to the "unban" IRC command. bs_fantasy_ext
version 1.1.16 is affected.
Ref: http://www.securityfocus.com/bid/33175
______________________________________________________________________

09.3.34 CVE: Not Available
Platform: Cross Platform
Title: IntelliTamper ".CAT" Catalog File Buffer Overflow
Description: IntelliTamper is a spider application for scanning
websites. IntelliTamper is exposed to a buffer overflow issue because
it fails to properly validate the size of user-supplied data before
copying it into a fixed-sized buffer. IntelliTamper versions 2.07 and
2.08 are affected.
Ref: http://www.securityfocus.com/bid/33179
______________________________________________________________________

09.3.35 CVE: Not Available
Platform: Cross Platform
Title: Serv-U Remote Denial of Service Vulnerabilities
Description: Serv-U is a file server. Serv-U is exposed to multiple
remote denial of service issues. Successfully exploiting these issues
will allow attackers to deny service to legitimate users. Serv-U
versions prior to 7.4.0.0 are affected.
Ref: http://www.serv-u.com/releasenotes/
______________________________________________________________________

09.3.36 CVE: CVE-2008-5031
Platform: Cross Platform
Title: Python "expandtabs" Multiple Integer Overflow Vulnerabilities
Description: Python is an interpreted dynamic object-oriented
programming language that is available for many operating systems.
Python is exposed to multiple integer overflow issues that stem from
an incomplete fix for an earlier issue in the "expandtabs" method.
Python versions prior to 2.5.2 are affected.
Ref: http://www.openwall.com/lists/oss-security/2008/11/05/2
______________________________________________________________________

09.3.37 CVE: Not Available
Platform: Cross Platform
Title: Browse3D ".sfs" File Handling Buffer Overflow
Description: Browse3D is a web-browsing client. The application is
exposed to a remote buffer overflow issue that arises because the
application fails to perform boundary checks before copying
user-supplied data into sensitive process buffers. Browse3D version
3.5 is affected.
Ref: http://www.securityfocus.com/bid/33199
______________________________________________________________________

09.3.38 CVE: Not Available
Platform: Cross Platform
Title: mlmmj Unspecified
Description: mlmmj (Mailing List Managing Made Joyful) is a mailing
list manager. The application is exposed to an unspecified issue
related to the "contrib/web/perl-user" script. mlmmj versions prior to
1.2.16 are affected.
Ref: http://www.securityfocus.com/bid/33208
______________________________________________________________________

09.3.39 CVE: Not Available
Platform: Cross Platform
Title: Amarok "audible.cpp" Audible File Multiple Integer Overflow and
Memory Allocation Vulnerabilities
Description: Amarok is a music player for multiple operating systems.
Amarok is exposed to multiple integer overflow and memory allocation
issues because it fails to perform adequate boundary checks on
user-supplied data while handling Audible files. Amarok versions prior
to 2.0.1.1 are affected.
Ref: http://www.trapkit.de/advisories/TKADV2009-002.txt
______________________________________________________________________

09.3.40 CVE: Not Available
Platform: Cross Platform
Title: BluePex IE-2000 IP-Based Session Hijacking
Description: The BluePex IE-2000 is a security appliance. The device
is exposed to an authentication bypass issue because it maintains
authentication states based on the IP address of users.
Ref: http://www.gsec.com.br/GSEC-2008001-en.txt
______________________________________________________________________

09.3.41 CVE: Not Available
Platform: Cross Platform
Title: PHP "popen()" Function Buffer Overflow
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a buffer overflow issue because it fails to perform
boundary checks before copying user-supplied data to insufficiently
sized memory buffers. PHP versions 5.2.8 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/499972
______________________________________________________________________

09.3.42 CVE: Not Available
Platform: Cross Platform
Title: BlackBerry Attachment Service PDF Distiller Remote Code
Execution
Description: BlackBerry Attachment Service is a component of
BlackBerry Enterprise Server and BlackBerry Unite! that is used to
process email attachments. BlackBerry Attachment Service is exposed to
a remote code execution issue that occurs when the service's PDF
distiller tries to process specially crafted PDF files.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764
______________________________________________________________________

09.3.43 CVE: CVE-2008-5262
Platform: Cross Platform
Title: DevIL "RGBE" File Parsing Multiple Buffer Overflow
Vulnerabilities
Description: DevIL is a multi-platform image processing library. The
library is exposed to multiple buffer overflow issues because it fails
to perform adequate checks on user-supplied input. DevIL version 1.7.4
is affected.
Ref: http://secunia.com/secunia_research/2008-59/
______________________________________________________________________

09.3.44 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari RSS Feed Information Disclosure
Description: Apple Safari is a browser for multiple operating
platforms. Safari is exposed to an information disclosure issue that
occurs in the default RSS feed used by Safari. Successfully exploiting
this issue will allow the attacker to obtain information that may lead
to further attacks.
Ref: http://brian.mastenbrook.net/display/27
______________________________________________________________________

09.3.45 CVE: Not Available
Platform: Cross Platform
Title: libmikmod Multiple Sound Channel Media Playback Remote Denial
of Service
Description: libmikmod is an audio library available for various
operating systems. It is used by the MikMod media player application.
libmikmod is exposed to a remote denial of service issue because it
fails to perform adequate boundary checks on user-supplied input.
libmikmod versions 3.1.9 through 3.2.0 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519
______________________________________________________________________

09.3.46 CVE: Not Available
Platform: Cross Platform
Title: dBpowerAMP Audio Player ".pls" File Buffer Overflow
Description: dBpowerAMP Audio Player is an audio player that plays
various media formats. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. dBpowerAMP Audio Player version 2.0.0 is
affected.
Ref: http://www.securityfocus.com/bid/33239
______________________________________________________________________

09.3.47 CVE: Not Available
Platform: Cross Platform
Title: libmikmod ".XM" File Remote Denial of Service
Description: libmikmod is an audio library available for various
operating systems. It is used by the MikMod media player application.
libmikmod is exposed to a remote denial of service issue because it
fails to perform adequate boundary checks on user-supplied input.
libmikmod versions 3.1.9 through 3.2.0 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479833
______________________________________________________________________

09.3.48 CVE: Not Available
Platform: Cross Platform
Title: TeamSpeak "help" Command Directory Traversal
Description: TeamSpeak is a freely available chat server available for
various platforms. The application is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input
submitted through the "help" command. TeamSpeak versions up to and
including 2.0.23.17 are affected.
Ref: http://www.securityfocus.com/bid/33256
______________________________________________________________________

09.3.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNETS 1.2.0.1 and prior Unspecified Cross-Site Scripting
Description: MyNETS is a web-based application implemented in PHP.
MyNETS is exposed to an unspecified cross-site scripting issue because
it fails to properly sanitize user-supplied input. MyNETS versions
1.2.0.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33145
______________________________________________________________________

09.3.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Prior to Version 4.23 Unspecified Cross-Site
Scripting
Description: Movable Type is a web-log application written in Perl and
PHP. Movable Type is exposed to an unspecified cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data.
Movable Type versions prior to 4.23 are affected.
Ref: http://www.securityfocus.com/bid/33163
______________________________________________________________________

09.3.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "logviewer.jsp" Cross-Site Scripting
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "log" parameter of the "logviewer.jsp"
script. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "group-summary.jsp" Cross-Site Scripting
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "search" parameter of the
"group-summary.jsp" script. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "user-properties.jsp" Cross-Site Scripting
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "username" parameter of the
"user-properties.jsp" script. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "audit-policy.jsp" Multiple Cross-Site Scripting
Vulnerabilities
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to the "logDir", "logTimeout", "maxDays",
"maxFileSize", and "maxTotalSize" parameters of the "audit-policy.jsp"
script. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Openfire "log.jsp" Cross-Site Scripting
Description: Openfire is a freely available instant-messaging server
available for various platforms. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "log" parameter of the "log.jsp" script.
Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MODx Prior to 0.9.6.3 Multiple Cross-Site Scripting
Vulnerabilities
Description: MODx is a PHP-based content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input during weblogin. MODx
versions prior to 0.9.6.3 are affected.
Ref: http://jvn.jp/en/jp/JVN10170564/index.html
______________________________________________________________________

09.3.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ovidentia "index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Ovidentia is a content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input to the "pat" and
"smap_node_id" parameters of the "index.php" script.
Ref: http://www.securityfocus.com/bid/33230
______________________________________________________________________

09.3.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion E-Cart Module "CA" Parameter SQL Injection
Description: AusiMods E-Cart is an e-commerce module for the
PHP-Fusion content manager. The module is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "CA" parameter of the "item.php" script before using it in an SQL
query. E-Cart version 1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/499835
______________________________________________________________________

09.3.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Members CV (job) Module for PHP-Fusion "members.php" SQL
Injection
Description: The Members CV (job) module for PHP-Fusion is a PHP-based
application that allows members to apply for jobs on web sites. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sortby" parameter of
the "members.php" script before using it in an SQL query. Members CV
(job) version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/499829
______________________________________________________________________

09.3.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion VArcade Module "callcomments.php" SQL Injection
Description: Venue VArcade is a module for the PHP-Fusion content
manager. The module is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "comment_id"
parameter of the "callcomments.php" script before using it in an SQL
query. VArcade version 1.8 is affected.
Ref: http://www.securityfocus.com/archive/1/499868
______________________________________________________________________

09.3.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PizzisCMS "visualizza.php" SQL Injection
Description: PizzisCMS is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "idvar" parameter of the
"visualizza.php" script before using it in an SQL query. PizzisCMS
version 1.5.1 is affected.
Ref: http://www.securityfocus.com/bid/33173
______________________________________________________________________

09.3.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MODx "searchid" Parameter SQL Injection
Description: MODx is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "searchid" parameter of the
"index.php" script when the "submitok" parameter is non-NULL before
using it in an SQL query. MODx versions prior to 0.9.6.3 are affected.
Ref: http://jvn.jp/en/jp/JVN72630020/index.html
______________________________________________________________________

09.3.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Fast FAQs System "admin/authorize.php" SQL Injection
Description: Fast FAQs System is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "uname" parameter of
the "admin/authorize.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33186
______________________________________________________________________

09.3.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SocialEngine "browse_classifieds.php" SQL Injection
Description: SocialEngine is a PHP-based platform for social
networking. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"classifiedcat_id" parameter of the "browse_classifieds.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33190
______________________________________________________________________

09.3.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion Kroax Module "callcomments.php" SQL Injection
Description: Kroax is a module for the PHP-Fusion content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "comment_id" parameter
of the "callcomments.php" script.
Ref: http://www.securityfocus.com/bid/33191
______________________________________________________________________

09.3.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMDJ "animateurs.php" SQL Injection
Description: phpMDJ is a web-based application implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id_animateur"
parameter of the "animateurs.php" script before using it in an SQL
query. phpMDJ versions up to and including 1.0.3 are affected.
Ref: http://www.securityfocus.com/bid/33192
______________________________________________________________________

09.3.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Weight Loss Recipe Book Multiple SQL Injection Vulnerabilities
Description: Weight Loss Recipe Book is a PHP-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. Weight Loss Recipe Book version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/33193
______________________________________________________________________

09.3.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeZine Dz cms "products.php" SQL Injection
Description: Dz cms is a content-management system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "pcat" parameter of the
"products.php" script. Dz cms version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/33194
______________________________________________________________________

09.3.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BKWorks ProPHP SQL Injection
Description: BKWorks ProPHP is an application implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the username field of the
authentication script when logging in to the affected application.
BKWorks ProPHP version 0.50 Beta 1 is affected.
Ref: http://www.securityfocus.com/bid/33195
______________________________________________________________________

09.3.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: tadbook2 Module for XOOPS "open_book.php" SQL Injection
Description: tadbook2 is a PHP-based component for the XOOPS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "book_sn"
parameter of the "open_book.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33196
______________________________________________________________________

09.3.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Fast Guest Book Login SQL Injection
Description: Fast Guest Book is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Username" and "Password"
text boxes when logging in to the affected application.
Ref: http://www.securityfocus.com/bid/33197
______________________________________________________________________

09.3.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_newsflash" Component "id" Parameter SQL Injection
Description: The "com_newsflash" component is a module for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/7718
______________________________________________________________________

09.3.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_jashowcase" Component "catid" Parameter SQL
Injection
Description: The "com_jashowcase" component is a news application for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/7717
______________________________________________________________________

09.3.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_xevidmegahd" Component "catid" Parameter SQL
Injection
Description: The "com_xevidmegahd" component is a news application for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter before using it in an SQL
query.
Ref: http://www.milw0rm.com/exploits/7716
______________________________________________________________________

09.3.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Visuplay CMS Multiple SQL Injection Vulnerabilities
Description: Visuplay CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. Weight Loss Recipe Book version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/33209
______________________________________________________________________

09.3.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Portfol Component "vcatid" Parameter SQL Injection
Description: Joomla! Portfol component is a module for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"vcatid" parameter of the "com_portfol" component. Portfol version 1.2
is affected.
Ref: http://www.securityfocus.com/bid/33218
______________________________________________________________________

09.3.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin WP-Forum "forum_feed.php" SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. WP-Forum plugin for WordPress provides forum
functionality. The plugin is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "thread"
parameter of the "forum_feed.php" script before using it in an SQL
query. WP-Forum version 1.7.8 is affected.
Ref: http://www.securityfocus.com/bid/33223
______________________________________________________________________

09.3.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo gigCalendar Component SQL Injection
Description: gigCalendar is a PHP-based component for the Joomla! and
Mambo content managers. gigCalendar is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "gigcal_gigs_id" parameter of the "com_gigcal" component before
using it in an SQL query. gigCalendar version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33241
______________________________________________________________________

09.3.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_fantasytournament" Component Multiple SQL
Injection Vulnerabilities
Description: The "com_fantasytournament" component is a plugin for the
Joomla! content manager. The component is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "roundID" and "managerID" parameters before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33252
______________________________________________________________________

09.3.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_camelcitydb2" Component SQL Injection
Description: The "com_camelcitydb2" component is a plugin for the
Joomla! content manager. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter before using it in an SQL query. This affects
com_camelcitydb2 version 2.2.
Ref: http://www.securityfocus.com/bid/33254
______________________________________________________________________

09.3.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DMXReady Multiple Products "upload_image_category.asp" SQL
Injection
Description: Multiple products by DMXReady are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "cid" parameter of the
"upload_image_category.asp" script. DMXReady Classified Listings
Manager versions 1.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33253
______________________________________________________________________

09.3.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DMXReady Members Area Manager "upload_image_security_level.asp"
SQL Injection
Description: DMXReady Members Area Manager is an ASP-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "upload_image_security_level.asp" script. DMXReady Members Area
Manager versions 1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33255
______________________________________________________________________

09.3.83 CVE: Not Available
Platform: Web Application
Title: Plunet BusinessManager ACL Security Bypass and HTML Injection
Vulnerabilities
Description: Plunet BusinessManager is a project management tool for
language translation projects. The application is exposed to multiple
issues because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/499837
______________________________________________________________________

09.3.84 CVE: Not Available
Platform: Web Application
Title: Drupal Project Release Module Multiple Remote Vulnerabilities
Description: Drupal Project Release module is a component within
Drupal's Project module. The application is exposed to multiple
issues. Drupal Project Release module versions prior to 5.x-1.3 are
vulnerable.
Ref: http://drupal.org/node/355672
______________________________________________________________________

09.3.85 CVE: Not Available
Platform: Web Application
Title: Drupal Project issue tracking Security Bypass and Cross-Site
Scripting Vulnerabilities
Description: Project issue tracking is a module for Drupal used to
track issues for projects. The module is exposed to multiple issues. 
Project issue tracking 5.x versions prior to 5.x-2.3 are affected.
Ref: http://drupal.org/node/355673
______________________________________________________________________

09.3.86 CVE: Not Available
Platform: Web Application
Title: QuoteBook Information Disclosure, SQL Injection and HTML
Injection Vulnerabilities
Description: QuoteBook is a web-based application. The application is
exposed to multiple input validation issues. An attacker may exploit
these issues to compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/33166
______________________________________________________________________

09.3.87 CVE: Not Available
Platform: Web Application
Title: CuteNews "add_ip" Parameter PHP Code Injection
Description: CuteNews is a PHP-based content management application.
CuteNews is exposed to an issue that lets attackers inject arbitrary
PHP code. The issue occurs because the application fails to properly
sanitize user-supplied input to the "add_ip" parameter of the
"index.php" script, when called with the "action" parameter set to
"add" and the "mod" parameter set to "ipban". CuteNews version 1.4.6
is affected.
Ref: http://www.securityfocus.com/bid/33167
______________________________________________________________________

09.3.88 CVE: Not Available
Platform: Web Application
Title: Openfire "server-properties.jsp" HTML Injection
Description: Openfire is a freely available instant-messaging server
available for various platforms. Openfire is exposed to an HTML
injection issue because it fails to sufficiently sanitize
user-supplied input. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.89 CVE: Not Available
Platform: Web Application
Title: Openfire "muc-room-edit-form.jsp" HTML Injection
Description: Openfire is a freely available instant-messaging server
available for various platforms. Openfire is exposed to an HTML
injection issue because it fails to sufficiently sanitize
user-supplied input. Openfire version 3.6.2 is affected.
Ref:
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
______________________________________________________________________

09.3.90 CVE: Not Available
Platform: Web Application
Title: XOOPS "mydirname" Parameter Multiple PHP Code Injection
Vulnerabilities
Description: XOOPS is a PHP-based content manager. The application is
exposed to multiple issues that let attackers inject arbitrary PHP
code. The problem occurs because the application fails to validate
user-supplied input. XOOPS version 2.3.2 is affected.
Ref: http://www.securityfocus.com/bid/33176
______________________________________________________________________

09.3.91 CVE: Not Available
Platform: Web Application
Title: Silentum Uploader Arbitrary File Deletion
Description: Silentum Uploader is a PHP-based file upload application.
Silentum Uploader is exposed to an arbitrary file deletion issue. This
issue is due to improper sanitization of user-supplied data. Silentum
Uploader version 1.4.0 is affected.
Ref: http://www.securityfocus.com/bid/33198
______________________________________________________________________

09.3.92 CVE: Not Available
Platform: Web Application
Title: A Free Text-To-Speech System "TFLivre.php" Remote Command
Execution
Description: A Free Text-To-Speech System is an application. A Free
Text-To-Speech System is exposed to an issue that attackers can
leverage to execute arbitrary commands. This issue occurs because the
application fails to adequately sanitize user-supplied input to the
"voz" parameter of the "TFLivre.php" script. A Free Text-To-Speech
System versions 2.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33200
______________________________________________________________________

09.3.93 CVE: CVE-2008-5819
Platform: Web Application
Title: Photobase "header.php" Local File Include
Description: Photobase is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language" parameter of the
"include/header.php" script. Photobase version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/33205
______________________________________________________________________

09.3.94 CVE: Not Available
Platform: Web Application
Title: Interspire Shopping Cart Cookie Authentication Bypass
Description: Interspire Shopping Cart is a web-based shopping cart
script. The application is exposed to an authentication bypass issue
because it fails to adequately verify user credentials when setting
cookie-based authentication tokens. Interspire Shopping Cart version
4.0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/499967
______________________________________________________________________

09.3.95 CVE: CVE-2008-5517
Platform: Web Application
Title: Git gitweb Unspecified Remote Command Execution
Description: The "gitweb" program is a web-based interface to the Git
revision control system. The software is exposed to an unspecified
remote command-execution issue. This issue occurs due to insufficient
validation of user input supplied via the "gitweb" interface. Git
version 1.5.2.4 supplied with openSUSE 10.3 is affected.
Ref: http://www.securityfocus.com/bid/33215
______________________________________________________________________

09.3.96 CVE: Not Available
Platform: Web Application
Title: Comersus Cart User Email and User Password Unauthorized Access
Description: Comersus Cart is an ASP-based e-commerce application. The
application is exposed to an issue that can result in unauthorized
access. The issue occurs because the application allows registered
users to modify another user's email address and password through the
"comersus_customerModifyExec.asp" script. Comersus Cart version 6 is
affected.
Ref: http://www.securityfocus.com/archive/1/499962
______________________________________________________________________

09.3.97 CVE: Not Available
Platform: Web Application
Title: Simple Machine Forum Password Reset Security Bypass
Description: Simple Machine Forum is a PHP-based application for
setting up online communities. The application is exposed to a
security bypass issue related to the password reset feature. This
issue is the result of a failure to restrict access to the "index.php"
script when the parameter "action" is set to "reminder". Simple
Machine Forum versions up to and including 1.1.7 are vulnerable.
Ref: http://www.securityfocus.com/bid/33219
______________________________________________________________________

09.3.98 CVE: Not Available
Platform: Web Application
Title: PWP Wiki Processor "run.php" Arbitrary File Upload
Description: PWP Wiki Processor is a PHP-based wiki application. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize file extensions before uploading files through the
"run.php" script. PWP Wiki Processor version 1-5-1 is affected.
Ref: http://www.securityfocus.com/bid/33225
______________________________________________________________________

09.3.99 CVE: Not Available
Platform: Web Application
Title: REALTOR 747 "include/define.php" Remote File Include
Description: REALTOR 747 is a web-based realty application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "INC_DIR" parameter of
the "include/define.php" script. REALTOR 747 version 4.11 is affected.
Ref: http://www.securityfocus.com/bid/33227
______________________________________________________________________

09.3.100 CVE: Not Available
Platform: Web Application
Title: RackTables Blank Password Authentication Bypass
Description: RackTables is a PHP-based application. The software is
exposed to an authentication bypass issue. Specifically, the
vulnerability allows attackers to gain access as an existing LDAP user
by supplying a blank password. RackTables versions prior to 0.16.6 are
affected.
Ref: http://racktables.org/trac/browser/tags/RackTables-0.16.6/ChangeLog
______________________________________________________________________

09.3.101 CVE: Not Available
Platform: Web Application
Title: Hspell GUI "cilla.cgi" Remote Command Execution
Description: Hspell GUI is a Hebrew spell checker application
implemented in Perl. Hspell is exposed to an issue that attackers can
leverage to execute arbitrary commands. This issue occurs because the
application fails to adequately sanitize user-supplied input to the
"root" parameter of the "cgi-bin/cilla.cgi" script. Hspell GUI version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/33244
______________________________________________________________________

09.3.102 CVE: Not Available
Platform: Web Application
Title: DMXReady Blog Manager Arbitrary File Deletion
Description: DMXReady Blog Manager is an ASP-based application for
hosting blogs. DMXReady Blog Manager is exposed to an issue that lets
attackers delete arbitrary files in the context of the web server
process. DMXReady Blog Manager versions 1.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33251
______________________________________________________________________

09.3.103 CVE: CVE-2008-3819
Platform: Network Device
Title: Cisco Global Site Selector DNS Server Remote Denial of Service
Description: Cisco Global Site Selector is a hardware device which
optionally provides DNS server functionality. Cisco Global Site
Selector is exposed to a remote denial of service issue. Specifically,
the vulnerability occurs when the application handles an unspecified
sequence of DNS requests.
Ref: http://www.cisco.com/en/US/products/hw/contnetw/ps4162/index.html
______________________________________________________________________

09.3.104 CVE: CVE-2009-0043
Platform: Network Device
Title: Multiple CA Service Management Products Unspecified Remote
Command Execution
Description: CA Service Metric Analysis and Service Level Management
are applications for managing service centers. The applications are
exposed to an issue that attackers can leverage to execute arbitrary
commands. This issue is the result of an unspecified access validation
error in the "smmsnmpd" service.
Ref: http://www.securityfocus.com/archive/1/499857
______________________________________________________________________

09.3.105 CVE: Not Available
Platform: Network Device
Title: NetGear WG102 SNMP Write Community String Information
Disclosure
Description: The NetGear WG102 is a wireless access point hardware
device. The device is exposed to a remote information disclosure issue
because it fails to restrict access to sensitive information. NetGear
WG102 firmware versions 4.0.16 and 4.0.27 are affected.
Ref: http://www.securityfocus.com/archive/1/499917
______________________________________________________________________

09.3.106 CVE: Not Available
Platform: Network Device
Title: Atheria SV-SIP1042 Administrator Authentication Credentials
Information Disclosure
Description: Atheria SV-SIP1042 is an ADSL/VoIP router. Atheria
SV-SIP1042 is exposed to an information disclosure issue that occurs
when the router's console cable is connected to a computer. Atheria
SV-SIP1042 version 1.4.18 is affected.
Ref: http://www.securityfocus.com/archive/1/499961
______________________________________________________________________

09.3.107 CVE: Not Available
Platform: Network Device
Title: BlackBerry Attachment Service PDF Distiller "bitmaps" Remote
Buffer Overflow
Description: BlackBerry Attachment Service is a component of
BlackBerry Enterprise Server and BlackBerry Unite!. It is used to
process email attachments. BlackBerry Attachment Service is exposed to
a heap-based buffer overflow issue that occurs when the service's PDF
distiller tries to process specially crafted PDF files.
Ref:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
______________________________________________________________________

09.3.108 CVE: Not Available
Platform: Network Device
Title: BlackBerry Attachment Service PDF Distiller Uninitialized Heap
Memory Code Execution
Description: BlackBerry Attachment Service is a component of
BlackBerry Enterprise Server and BlackBerry Unite!. It is used to
process email attachments. BlackBerry Attachment Service is exposed to
a remote code execution issue that occurs when the service's PDF
distiller tries to process specially crafted PDF files.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766
______________________________________________________________________