RISK: The Consensus Security Vulnerability Alert Vol. 8 No. 51
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert
sans.org)
Date: Fri Dec 18 2009 - 07:25:05 CST
******************************************************************
RISK: The Consensus Security Vulnerability Alert
Dec 17th, 2009 Vol. 8. Week 51
******************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------- -------------------------------------
Third Party Windows Apps                  5 (#3)
Linux                                     3
Cross Platform                           41 (#1, #2, #4, #5)
Web Application - Cross Site Scripting   16
Web Application - SQL Injection           8
Web Application                          10
Network Device                            2
*************************** Sponsored By SANS ***************************
Participation is needed! Be a part of this year's 2010 SANS Log
Management Report by completing the survey and have a chance to win a
$250 AMEX Card.
Click here to complete the survey and be automatically registered.
http://www.sans.org/info/52269
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Adobe Reader and Acrobat 'newplayer()' Remote Code Execution Vulnerability
(2) CRITICAL: Multiple Mozilla Products Multiple Vulnerabilities
(3) HIGH: HP OpenView Network Node Manager Multiple Vulnerabilities
(4) HIGH: Symantec Multiple Products Remote Code Execution Vulnerability
(5) MEDIUM: Sun Ray Server Software Multiple Vulnerabilities
*************************************************************************
TRAINING UPDATE
-- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations: Top 7 Trends in Incident
Response and Computer Forensics, Advanced Forensic Techniques and more
http://www.sans.org/security-east-2010/
-- SANS AppSec 2010, San Francisco, January 29-February 5, 2010
http://www.sans.org/appsec-2010/
-- SANS Phoenix, February 14 - February 20, 2010
http://www.sans.org/phoenix-2010/
-- SANS 2010, Orlando, March 6 - March 15, 2010
38 courses and bonus evening presentations, including Software
Security Street Fighting Style
http://www.sans.org/sans-2010/
-- SANS Northern Virginia Bootcamp 2010, April 6-13
http://www.sans.org/reston-2010/
-- SANS Security West 2010, San Diego, May 7-15, 2010
http://www.sans.org/security-west-2010/
Looking for training in your own community? http://sans.org/community/
Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/spring09.php
Plus Tokyo, Bangalore, Oslo and Dublin all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
09.51.1 - Intellicom "NetBiterConfig.exe" "Hostname" Data Remote Stack Buffer Overflow
09.51.2 - HP OpenView Network Node Manager "OvWebHelp.exe" Remote Heap Buffer Overflow
09.51.3 - HP OpenView Network Node Manager "webappmon.exe" Remote Buffer Overflow
09.51.4 - HP OpenView Network Node Manager "ovwebsnmpsrv.exe" Remote Stack Buffer Overflow
09.51.5 - HP OpenView Network Node Manager "snmpviewer.exe" Remote Code Execution
-- Linux
09.51.6 - Linux Kernel Ext4 "move extents" ioctl Local Privilege Escalation
09.51.7 - GNOME NetworkManager Applet SSL Certificate Validation Security Bypass
09.51.8 - Linux Kernel "drivers/firewire/ohci.c" NULL Pointer Dereference Denial of Service
-- Cross Platform
09.51.9 - NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service
09.51.10 - GNU Coreutils Insecure Temporary File Creation
09.51.11 - HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
09.51.12 - libsamplerate "src_sinc.c" Buffer Overflow
09.51.13 - Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow
09.51.14 - Adobe Flash Player and AIR "exception_count" Integer Overflow
09.51.15 - Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
09.51.16 - Adobe Flash Player and AIR Data Injection Remote Code Execution
09.51.17 - Adobe Flash Player ActiveX Control Information Disclosure
09.51.18 - Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption
09.51.19 - Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption
09.51.20 - JBoss Enterprise Application Platform Multiple Vulnerabilities
09.51.21 - Ruby "rb_str_justify()" Heap Based Buffer Overflow
09.51.22 - Kiwi Syslog Server Information Disclosure
09.51.23 - Sun Ray Server Authentication Manager Remote Code Execution
09.51.24 - Sun Ray Server Firmware Insecure Key Generation
09.51.25 - SAP Kernel "sapstartsrv" Denial Of Service
09.51.26 - HP OpenView Network Node Manager Unspecified Stack Buffer Overflow
09.51.27 - HP OpenView Network Node Manager "ovlogin.exe" Multiple Remote Code Execution Vulnerabilities
09.51.28 - HP OpenView Network Node Manager "nnmRptConfig.exe" Remote Code Execution
09.51.29 - MySQL Multiple Remote Denial of Service Vulnerabilities
09.51.30 - HP OpenView Network Node Manager "nnmRptConfig.exe" "strcat()" Remote Code Execution
09.51.31 - HP OpenView Network Node Manager "Oid" Parameter Remote Buffer Overflow
09.51.32 - HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution
09.51.33 - Codesighs "sscanf()" Remote Buffer Overflow
09.51.34 - Oracle E-Business Suite Multiple Remote Vulnerabilities
09.51.35 - ZABBIX "NET_TCP_LISTEN()" Security Bypass
09.51.36 - Monkey HTTP Daemon Invalid HTTP "Connection" Header Denial of Service
09.51.37 - ZABBIX "process_trap()" NULL Pointer Dereference Denial of Service
09.51.38 - Docutils "rst.el" Insecure Temporary File Creation
09.51.39 - Sun Ray Server Software Desktop Session Handling Local Security Bypass
09.51.40 - Ruby on Rails "protect_from_forgery" Cross-Site Request Forgery
09.51.41 - Google Chrome DNS Pre Fetching Proxy Cache Information Disclosure
09.51.42 - HP OpenView Network Node Manager "ovsessionmgr.exe" Remote Heap Buffer Overflow
09.51.43 - Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution
09.51.44 - IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
09.51.45 - PostgreSQL Index Function Session State Modification Local Privilege Escalation
09.51.46 - HP OpenView Network Node Manager Unspecified Remote Code Execution
09.51.47 - HP OpenView Network Node Manager "ovalarm.exe" Remote Buffer Overflow
09.51.48 - Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
09.51.49 - Xpdf "FoFiType1::parse" Buffer Overflow
-- Web Application - Cross Site Scripting
09.51.50 - Webmin and Usermin Unspecified Cross-Site Scripting
09.51.51 - Joomla! You!Hostit! Template Cross-Site Scripting
09.51.52 - Invision Power Board ".txt" File MIME-Type Cross-Site Scripting
09.51.53 - Zeeways ZeeJobsite "basic_search_result.php" Cross-Site Scripting
09.51.54 - Invision Power Board Multiple File MIME-Type Cross-Site Scripting
09.51.55 - Ez Cart "sid" Parameter Cross-Site Scripting
09.51.56 - Million Pixel "pa" Parameter Cross-Site Scripting
09.51.57 - Zeeways ZeeLyrics "searchresults_main.php" Cross-Site Scripting
09.51.58 - Arctic Issue Tracker Search Cross-Site Scripting
09.51.59 - phpFaber CMS "module.php" Cross-Site Scripting
09.51.60 - Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities
09.51.61 - ManageEngine Password Manager Pro Cross-Site Scripting
09.51.62 - TYPO3 ListMan Extension Cross-Site Scripting
09.51.63 - APC Switched Rack PDU "login1" Cross-Site Scripting
09.51.64 - WebWorks Help Multiple Cross-Site Scripting Vulnerabilities
09.51.65 - Horde Application Framework Administration Interface Cross-Site Scripting
-- Web Application - SQL Injection
09.51.66 - Joomla! "com_job" Component "id" Parameter SQL Injection
09.51.67 - NetArt Media Real Estate Portal "Username" Field SQL Injection
09.51.68 - TestLink Cross-Site Scripting and SQL Injection Vulnerabilities
09.51.69 - Joomla! "com_jphoto" Component "id" Parameter SQL Injection
09.51.70 - Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
09.51.71 - ManageEngine OpManager "overview.do" SQL Injection
09.51.72 - Digital Scribe Multiple SQL Injection Vulnerabilities
09.51.73 - VirtueMart "product_id" Parameter SQL Injection
-- Web Application
09.51.74 - Drupal Randomizer Module HTML Injection
09.51.75 - Joomla! Mamboleto Component "mamboleto.php" Remote File Include
09.51.76 - Zen Cart "extras/curltest.php" Information Disclosure
09.51.77 - ZABBIX Denial of Service and SQL Injection Vulnerabilities
09.51.78 - Piwik "unserialize()" PHP Code Execution
09.51.79 - Open Flash Chart "ofc_upload_image.php" Remote PHP Code Execution
09.51.80 - DigitalHive "base.php" Arbitrary File Upload
09.51.81 - Smart PHP Subscriber Multiple Information Disclosure Vulnerabilities
09.51.82 - phpldapadmin "cmd.php" Local File Include
09.51.83 - TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure
-- Network Device
09.51.84 - SEIL/B1 PPP Access Concentrator Authentication Bypass
09.51.85 - IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohan Kotian at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Adobe Reader and Acrobat 'newplayer()' Remote Code Execution Vulnerability
Affected:
Adobe Reader 9.2 and earlier
Adobe Acrobat 9.2 and earlier
Description: Adobe Acrobat is a program designed to create, manage and
view Portable Document Format (PDF) files, and Adobe Reader is designed
only to view and print PDFs. Both Adobe Reader and Acrobat have been
reported with a vulnerability that can be triggered by opening a
specially crafted PDF file. The specific flaw is a use-after-free error
in the "newplayer()" method of the "Doc.media" object. Successful
exploitation might allow an attacker to execute arbitrary code in the
context of the logged-on user. This vulnerability is currently exploited
in the wild. Note that PDF documents are often opened automatically by
the vulnerable application without the consent of the user. Technical
details for this vulnerability are publicly available along with a
public proof-of-concept.
Status: Vendor confirmed, no updates available.
References:
Adobe Security Advisory (APSA09-07)
http://www.adobe.com/support/security/advisories/apsa09-07.html
US-CERT Vulnerability Notes
http://www.kb.cert.org/vuls/id/508357
Vendor Home Page
http://www.adobe.com/
SecurityFocus BID
http://www.securityfocus.com/bid/37331
*************************************************************
(2) CRITICAL: Multiple Mozilla Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions earlier than 3.5.6
Mozilla Firefox versions earlier than 3.0.16
Mozilla SeaMonkey versions earlier than 2.0.1
Description: Several products from the Mozilla Foundation, such as its
popular web browser Firefox, the internet suite SeaMonkey, and the email
client Thunderbird, have been reported with multiple vulnerabilities.
There are multiple errors in the JavaScript and browser engines which
can cause memory corruption. There are multiple memory corruption errors
in "liboggplay" caused by improper processing of malicious audio and
video data. There is an integer overflow error in the "Theora library"
which can be triggered by a specially crafted video file. Location bar
spoofing vulnerabilities have been reported which can allow an attacker
to place an invalid URL in the location bar that looks legitimate to a
user and further facilitate a spoofing attack. A privilege escalation
vulnerability that can be caused via an error in the chrome
window.opener has been reported. There is an NTLM reflection
vulnerability which might allow an attacker to forward credentials from
one application to another arbitrary application via the browser. An
error while generating "GeckoActiveXObject()" exception messages has
been reported, and this might allow an attacker access to a list of COM
objects installed on the affected system. Details for these
vulnerabilities are available via source code analysis.
Status: Vendor confirmed, updates available.
References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
http://www.mozilla.org/security/announce/2009/mfsa2009-67.html
http://www.mozilla.org/security/announce/2009/mfsa2009-68.html
http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
http://www.mozilla.org/security/announce/2009/mfsa2009-70.html
http://www.mozilla.org/security/announce/2009/mfsa2009-71.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID's
http://www.securityfocus.com/bid/37360
http://www.securityfocus.com/bid/37361
http://www.securityfocus.com/bid/37362
http://www.securityfocus.com/bid/37363
http://www.securityfocus.com/bid/37364
http://www.securityfocus.com/bid/37365
http://www.securityfocus.com/bid/37366
http://www.securityfocus.com/bid/37367
http://www.securityfocus.com/bid/37368
http://www.securityfocus.com/bid/37369
http://www.securityfocus.com/bid/37370
*************************************************************
(3) HIGH: HP OpenView Network Node Manager Multiple Vulnerabilities
Affected:
HP OpenView Network Node Manager (OV NNM) 7.x
Description: HP OpenView Network Node Manager (OV NNM) is a suite of
applications that manages enterprise networks and large-scale systems.
Multiple vulnerabilities have been identified in HP OpenView Network
Node Manager. The following executables, "snmp.exe", "nnmRptConfig.exe",
"ovlogin.exe", "ovsessionmgr.exe", "webappmon.exe", "OvWebHelp.exe",
"ovalarm.exe", "snmpviewer.exe" and "ovwebsnmpsrv.exe", are prone to
buffer overflow vulnerabilities. They can be exploited by sending an
overly long string to the "Oid" parameter, the "Template" parameter, the
"userid" and "passwd" parameters (ovlogin.exe and ovsessionmgr.exe), the
"Host" HTTP header, the "Topic" parameter, the "Accept-Language" HTTP
header, the "Host" HTTP header, and the "arg" parameter respectively.
Certain Perl CGI executables in the NNM HTTP server do not properly
sanitize the data passed in the "hostname" HTTP header. There is also an
unspecified error that might cause a buffer overflow and can be
exploited via a specially crafted HTTP request. Successful exploitation
of these vulnerabilities might allow an attacker to execute arbitrary
code in the context of the vulnerable application. Some technical
details for some of these vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
HP Security Bulletin (HPSBMA02483 SSRT090257)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-09-094
http://www.zerodayinitiative.com/advisories/ZDI-09-095
http://www.zerodayinitiative.com/advisories/ZDI-09-096
http://www.zerodayinitiative.com/advisories/ZDI-09-097
TippingPoint DVLabs Security Advisories
http://dvlabs.tippingpoint.com/advisory/TPTI-09-08
http://dvlabs.tippingpoint.com/advisory/TPTI-09-09
http://dvlabs.tippingpoint.com/advisory/TPTI-09-10
http://dvlabs.tippingpoint.com/advisory/TPTI-09-11
http://dvlabs.tippingpoint.com/advisory/TPTI-09-12
http://dvlabs.tippingpoint.com/advisory/TPTI-09-13
http://dvlabs.tippingpoint.com/advisory/TPTI-09-14
Product Home Page
http://www.openview.hp.com/products/nnm/
SecurityFocus BID's
http://www.securityfocus.com/bid/37298
http://www.securityfocus.com/bid/37294
http://www.securityfocus.com/bid/37295
http://www.securityfocus.com/bid/37296
http://www.securityfocus.com/bid/37299
http://www.securityfocus.com/bid/37300
http://www.securityfocus.com/bid/37330
http://www.securityfocus.com/bid/37340
http://www.securityfocus.com/bid/37341
http://www.securityfocus.com/bid/37343
http://www.securityfocus.com/bid/37345
http://www.securityfocus.com/bid/37347
http://www.securityfocus.com/bid/37348
*************************************************************
(4) HIGH: Symantec Multiple Products Remote Code Execution Vulnerability
Affected:
Symantec Backup Exec Continuous Protection Server (CPS)
Symantec Veritas NetBackup Operations Manager (NOM)
Symantec Veritas Backup Reporter (VBR)
Symantec Veritas Storage Foundation (SF)
Symantec Veritas Storage Foundation for Windows High Availability (SFWHA)
Symantec Veritas Storage Foundation for High Availability (SFHA)
Symantec Veritas Storage Foundation for Oracle (SFO)
Symantec Veritas Storage Foundation for DB2
Symantec Veritas Storage Foundation for Sybase 4.1, 5.0
Symantec Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC)
Symantec Veritas Storage Foundation Manager (SFM)
Symantec Veritas Cluster Server (VCS)
Symantec Veritas Cluster Server One (VCSOne)
Symantec Veritas Application Director (VAD)
Symantec Veritas Cluster Server Management Console (VCSMC)
Symantec Veritas Storage Foundation Cluster File System (SFCFS) 3.5
Symantec Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC)
Symantec Veritas Command Central Storage (CCS) 4.x, 5.0, 5.1
Symantec Veritas Command Central Enterprise Reporter (CC-ER)
Symantec Veritas Command Central Storage Change Manager (CC-SCM)
Symantec Veritas MicroMeasure 5.0
Description: Multiple Symantec Products have been identified with a
vulnerability. The issue is caused by an error in the "VRTSweb.exe" Web
Server component which is shipped with multiple Symantec products. The
error in this component, which listens by default on port 14300, is that
it does not validate the incoming authentication requests made to this
port properly. A specially crafted request might allow an attacker to
bypass security restrictions. Successful exploitation might allow an
attacker to execute arbitrary code with administrative privileges. Some
technical details for this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Security Advisories Relating to Symantec Products (SYM09-017)
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-098/
Vendor HomePage
http://www.symantec.com/
SecurityFocus BID
http://www.securityfocus.com/bid/37012/
*************************************************************
(5) MEDIUM: Sun Ray Server Software Multiple Vulnerabilities
Affected:
Sun Ray Server Software 4.1
Description: Sun Ray Server Software is a solution that delivers virtual
Windows, Linux and Solaris operating systems to Sun Ray thin clients.
Multiple vulnerabilities have been identified in the Sun Ray server. The
first issue is a denial of service condition affecting Sun Ray services,
caused by an unspecified error in the Authentication Manager. The second
issue is a flaw in the way encryption keys are generated for Sun Ray
firmware. This might allow an attacker to predict the private key and
then decrypt the traffic (such as mouse, keyboard and display data)
between the Sun Ray DTU and the Sun Ray Server.
Status: Vendor confirmed, updates available.
References:
Sun Security Bulletins
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
Product Home Page
http://www.sun.com/desktop/index.jsp?tab=1
SecurityFocus BID's
http://www.securityfocus.com/bid/37284
http://www.securityfocus.com/bid/37321
*************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
Week 51, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 7764 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
09.51.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Intellicom "NetBiterConfig.exe" "Hostname" Data Remote Stack
Buffer Overflow
Description: Intellicom "NetBiterConfig.exe" is an application used to
configure Intellicom NetBiter SCADA devices. It is available for
Microsoft Windows. The application is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. This issue occurs when handling UDP
packets containing excessive data in the "Hostname" field.
Ref: http://www.securityfocus.com/archive/1/508449
______________________________________________________________________
09.51.2 CVE: CVE-2009-4178
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "OvWebHelp.exe" Remote Heap
Buffer Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote heap-based buffer overflow issue in the "OvWebHelp.exe" CGI
process. Specifically, the application fails to perform adequate
boundary checks on a "Topic" POST parameter before copying it into a
1024-byte heap buffer.
Ref: http://www.securityfocus.com/archive/1/508354
______________________________________________________________________
09.51.3 CVE: CVE-2009-4177
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "webappmon.exe" Remote Buffer
Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue in the "webappmon.exe" CGI
process. This issue occurs because the host header from an HTTP
request is copied into a static buffer located in the ".DATA" section
via a "strcat()" function call.
Ref: http://www.securityfocus.com/archive/1/508353
______________________________________________________________________
09.51.4 CVE: CVE-2009-4181
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "ovwebsnmpsrv.exe" Remote
Stack Buffer Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
stack-based buffer overflow issue because the "ovwebsnmpsrv.exe" CGI
application fails to sufficiently sanitize the "sel" and "arg"
parameters. This issue can be triggered when a request is made for
"jovgraph.exe" through the vulnerable CGI application.
Ref: http://www.securityfocus.com/archive/1/508357
______________________________________________________________________
09.51.5 CVE: CVE-2009-4180
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "snmpviewer.exe" Remote Code
Execution
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue because the "snmpviewer.exe"
CGI process fails to sufficiently sanitize the "Host" HTTP header when
it is copied into a fixed-size buffer via a "strcat()" call.
Ref: http://www.securityfocus.com/archive/1/508356
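The NNM CGI entries above (Part I item 3, and 09.51.3 and 09.51.5 here) describe one defect class: an HTTP "Host" header appended with "strcat()" into a fixed-size buffer with no length check. The following is an added example, not code from HP or from this bulletin, showing that pattern beside a bounded version that parses the header, rejects over-long values and only then copies; the buffer sizes, function names and sample requests are constructed.

```c
/* Added example, not code from HP or from the bulletin: the defect class the
 * NNM advisories describe (an HTTP Host header appended with strcat() into a
 * fixed-size buffer) next to a bounded version. Names, sizes and the sample
 * requests are constructed. */
#include <stdio.h>
#include <string.h>

#define TITLE_BUF_SIZE 64   /* constructed; small so the limit is easy to see */
#define HOST_MAX 255        /* hostname length bound used as a sanity limit */

static const char TITLE_PREFIX[] = "SNMP viewer on host: ";

/* Vulnerable pattern as described: the header value is appended with strcat()
 * to a fixed-size static buffer with no check of the remaining space.
 * Kept for contrast only; this example never calls it on untrusted input. */
static char title_buf[TITLE_BUF_SIZE];
static void build_title_unsafe(const char *host)
{
    strcpy(title_buf, TITLE_PREFIX);
    strcat(title_buf, host);   /* writes past title_buf once host is too long */
}

/* Copy the Host header value from a raw request into out.
 * Returns the value length, or -1 if the header is missing or would not fit.
 * Header-name matching is case-sensitive here for brevity. */
static int extract_host(const char *request, char *out, size_t out_size)
{
    const char *p = strstr(request, "\r\nHost:");
    size_t n = 0;

    if (p == NULL || out_size == 0)
        return -1;
    p += strlen("\r\nHost:");
    while (*p == ' ' || *p == '\t')
        p++;
    while (p[n] != '\0' && p[n] != '\r' && p[n] != '\n') {
        if (n + 1 >= out_size)   /* no room for this byte plus the NUL */
            return -1;
        out[n] = p[n];
        n++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Hardened builder: verifies the remaining capacity before appending.
 * Returns 1 on success, 0 when the value would not fit. */
static int build_title_safe(char *out, size_t out_size, const char *host)
{
    size_t prefix_len = strlen(TITLE_PREFIX);
    size_t host_len = strlen(host);

    if (prefix_len >= out_size || host_len > out_size - prefix_len - 1)
        return 0;               /* reject instead of truncating silently */
    memcpy(out, TITLE_PREFIX, prefix_len);
    memcpy(out + prefix_len, host, host_len + 1);   /* includes the NUL */
    return 1;
}

/* Parse, bound and build in one step. Returns 1 if a title was produced,
 * 0 if the request was rejected. */
static int handle_request(const char *request, char *title, size_t title_size)
{
    char host[HOST_MAX + 1];

    if (extract_host(request, host, sizeof host) < 0)
        return 0;
    return build_title_safe(title, title_size, host);
}

int main(void)
{
    /* Constructed requests, not captured traffic. */
    static const char ok_req[] =
        "GET /OvCgi/snmpviewer.exe HTTP/1.0\r\nHost: nnm.example.internal\r\n\r\n";
    char big_req[HOST_MAX + 128];
    char title[TITLE_BUF_SIZE];
    size_t i, len;

    printf("normal request -> %d (%s)\n",
           handle_request(ok_req, title, sizeof title), title);

    /* Host value of 300 'A's: rejected before anything is copied. */
    len = strlen("GET / HTTP/1.0\r\nHost: ");
    memcpy(big_req, "GET / HTTP/1.0\r\nHost: ", len);
    for (i = 0; i < 300; i++)
        big_req[len + i] = 'A';
    memcpy(big_req + len + 300, "\r\n\r\n", 5);
    printf("oversized host -> %d\n", handle_request(big_req, title, sizeof title));

    (void)build_title_unsafe;   /* referenced only so the contrast compiles */
    return 0;
}
```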
______________________________________________________________________
09.51.6 CVE: CVE-2009-4131
Platform: Linux
Title: Linux Kernel Ext4 "move extents" ioctl Local Privilege
Escalation
Description: The Linux kernel is exposed to a local privilege escalation
issue that is caused by a failure to verify access permissions. This
issue affects the Ext4 "move extents" ioctl. Local attackers can
exploit this issue to modify and overwrite arbitrary files.
Ref: http://www.securityfocus.com/bid/37277
______________________________________________________________________
09.51.7 CVE: Not Available
Platform: Linux
Title: GNOME NetworkManager Applet SSL Certificate Validation Security
Bypass
Description: GNOME NetworkManager Applet is a tool for configuring
network connections. The application is exposed to a security bypass
issue because it fails to properly validate SSL certificates when
connecting to certain wireless networks. Specifically, if a WPA2
Enterprise connection was created and verified with a CA certificate
that was later removed, the application will connect without a
certificate on future attempts. NetworkManager Applet version 0.7.2 is
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
______________________________________________________________________
09.51.8 CVE: CVE-2009-4138
Platform: Linux
Title: Linux Kernel "drivers/firewire/ohci.c" NULL Pointer Dereference
Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue that affects the "ohci_queue_iso_receive_packet_per_buffer()"
function in the "drivers/firewire/ohci.c" source file. A local
attacker able to open "/dev/fw*" files can trigger this issue.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2426
______________________________________________________________________
09.51.9 CVE: CVE-2009-3563
Platform: Cross Platform
Title: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service
Description: NTP (Network Time Protocol) is a package of network tools
and daemons, including "ntpd", used by client computers to synchronize
date and time with a reference server. NTP's daemon component ("ntpd")
is exposed to a remote denial of service issue because it fails to
properly handle certain incoming network packets. Specifically, mode 7
packets (MODE_PRIVATE) with spoofed source IP address and port data
can trigger a packet reply loop between two ntpd servers.
Ref: http://www.kb.cert.org/vuls/id/568372
______________________________________________________________________
09.51.10 CVE: CVE-2009-4135
Platform: Cross Platform
Title: GNU Coreutils Insecure Temporary File Creation
Description: GNU Coreutils are file, shell and text manipulation
utilities. The application uses temporary files in an insecure manner.
An attacker with local access could obtain sensitive information or
perform symbolic link attacks to overwrite arbitrary files in the
context of the affected application. GNU Coreutils versions 5.2.1
through 8.1 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2405
______________________________________________________________________
09.51.11 CVE: CVE-2009-0898, CVE-2009-3845, CVE-2009-3846,
CVE-2009-3849, CVE-2009-3848, CVE-2009-4176, CVE-2009-4177,
CVE-2009-4178, CVE-2009-4179, CVE-2009-4180, CVE-2009-4181,
CVE-2009-3847
Platform: Cross Platform
Title: HP OpenView Network Node Manager Multiple Remote Code Execution
Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to
multiple remote command execution issues. An attacker can exploit
these issues to execute arbitrary code with SYSTEM level privileges.
Successful exploits will completely compromise affected computers.
Failed exploit attempts will result in a denial of service.
Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-08
______________________________________________________________________
09.51.12 CVE: Not Available
Platform: Cross Platform
Title: libsamplerate "src_sinc.c" Buffer Overflow
Description: The "libsamplerate" program (aka Secret Rabbit Code) is a
sample rate converter library. The library is exposed to a buffer
overflow that occurs when handling low conversion ratios. This issue
affects the "src_sinc.c" source file.
Ref: https://qa.mandriva.com/show_bug.cgi?id=47888
______________________________________________________________________
09.51.13 CVE: CVE-2009-3794
Platform: Cross Platform
Title: Adobe Flash Player and AIR JPEG File Parsing Heap Buffer
Overflow
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a
cross-platform runtime for developing internet applications on the
desktop. Flash Player and AIR are exposed to a heap-based buffer
overflow issue that occurs because the applications fail to properly
validate the frame size included in a JPEG file. Flash Player
10.0.32.18 and AIR 1.5.2 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.14 CVE: CVE-2009-3799
Platform: Cross Platform
Title: Adobe Flash Player and AIR "exception_count" Integer Overflow
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a
cross-platform runtime for developing internet applications on the
desktop. Flash Player and AIR are exposed to an integer overflow
issue. Specifically, the issue affects the "exception_count" parameter
of the "Verifier::parseExceptionHandlers()" function. Adobe Flash
Player versions 10.0.32.18 and Adobe AIR 1.5.2 and earlier are
affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-093/
______________________________________________________________________
09.51.15 CVE: CVE-2009-3800
Platform: Cross Platform
Title: Adobe Flash Player and AIR Multiple Unspecified Remote Code
Execution Vulnerabilities
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a
cross-platform runtime for developing internet applications on the
desktop. The applications are exposed to multiple unspecified remote
code execution issues. Adobe Flash Player versions 10.0.32.18 and
Adobe AIR 1.5.2 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.16 CVE: CVE-2009-3796
Platform: Cross Platform
Title: Adobe Flash Player and AIR Data Injection Remote Code Execution
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a
cross-platform runtime for developing internet applications on the
desktop. Flash Player and AIR are exposed to a remote code execution
issue due to a data injection issue. Flash Player version 10.0.32.18
and AIR version 1.5.2 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.17 CVE: CVE-2009-3951
Platform: Cross Platform
Title: Adobe Flash Player ActiveX Control Information Disclosure
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player
ActiveX control is exposed to an information disclosure issue that
occurs on Microsoft Windows systems only, and can result in the
disclosure of a local file name.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.18 CVE: CVE-2009-3797
Platform: Cross Platform
Title: Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory
Corruption
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Flash Player and
AIR are exposed to an unspecified memory corruption issue. Attackers
can exploit this issue to execute arbitrary code in the context of the
application. Adobe Flash Player 10.0.32.18 and Adobe AIR 1.5.2 and
earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.19 CVE: CVE-2009-3798
Platform: Cross Platform
Title: Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory
Corruption
Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a
cross-platform runtime for developing internet applications on the
desktop. Flash Player and AIR are exposed to an unspecified memory
corruption issue. Adobe Flash Player versions 10.0.32.18 and Adobe AIR
1.5.2 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html
______________________________________________________________________
09.51.20 CVE: CVE-2009-1380, CVE-2009-2405, CVE-2009-3554
Platform: Cross Platform
Title: JBoss Enterprise Application Platform Multiple Vulnerabilities
Description: JBoss Enterprise Application Platform is a tool for
developing Web 2.0 applications on a pure Java platform. JBoss
Enterprise Application Platform is exposed to multiple issues.
Attackers can exploit these issues to gain access to sensitive
information, or to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site.
Ref: http://www.securityfocus.com/bid/37276
______________________________________________________________________
09.51.21 CVE: CVE-2009-4124
Platform: Cross Platform
Title: Ruby "rb_str_justify()" Heap Based Buffer Overflow
Description: Ruby is exposed to a buffer overflow issue because it
fails to properly sanitize user-supplied data. Specifically the issue
affects the "rb_str_justify()" function in the "string.c" file and can
be exploited through "String#ljust", "String#center" and
"String#rjust" to cause a heap-based buffer overflow. Ruby versions
1.9.1 prior to 1.9.1-p376 are affected.
Ref: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
______________________________________________________________________
09.51.22 CVE: Not Available
Platform: Cross Platform
Title: Kiwi Syslog Server Information Disclosure
Description: Kiwi Syslog Server is an application for managing syslog
messages from network devices. The application is exposed to multiple
security issues. An attacker can exploit these vulnerabilities to
obtain information that may aid in further attacks. Kiwi Syslog Server
version 9.0.3 is affected.
Ref: http://www.securityfocus.com/bid/37282
______________________________________________________________________
09.51.23 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Server Authentication Manager Remote Code Execution
Description: Sun Ray Server is a proxy server developed by Sun
Microsystems. The software is exposed to a remote code execution issue
that affects the Authentication Manager.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
______________________________________________________________________
09.51.24 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Server Firmware Insecure Key Generation
Description: Sun Ray Server is a proxy server developed by Sun
Microsystems. Sun Ray Server is exposed to a security issue that may
allow insecure firmware keys to be generated.
Sun Ray Server versions 4.0 and 4.1 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
______________________________________________________________________
09.51.25 CVE: Not Available
Platform: Cross Platform
Title: SAP Kernel "sapstartsrv" Denial Of Service
Description: The "sapstartsrv" service provides a web-based SAP
Management Console interface for remote administration. SAP Kernel is
exposed to a remote denial of service issue. This issue occurs when
the "sapstartsrv" service fails to handle specially
crafted requests. SAP Kernel versions 6.40, 7.00, 7.01, 7.10, 7.11 and
7.20 are affected.
Ref: http://www.securityfocus.com/bid/37286
______________________________________________________________________
09.51.26 CVE: CVE-2009-0898
Platform: Cross Platform
Title: HP OpenView Network Node Manager Unspecified Stack Buffer
Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. The application is
exposed to a stack-based buffer overflow issue caused by an
unspecified error. NNM versions 7.01, 7.51, and 7.53 are affected.
Ref: http://www.iss.net/threats/357.html
______________________________________________________________________
09.51.27 CVE: CVE-2009-3846
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovlogin.exe" Multiple Remote
Code Execution Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to
multiple remote heap-based buffer overflow issues because the
"ovlogin.exe" CGI process fails to sufficiently sanitize the "userid"
and "passwd" parameters.
Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-08
______________________________________________________________________
09.51.28 CVE: CVE-2009-3848
Platform: Cross Platform
Title: HP OpenView Network Node Manager "nnmRptConfig.exe" Remote Code
Execution
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue because the
"nnmRptConfig.exe" CGI process fails to sufficiently sanitize the
"Template" parameter when it is copied into a fixed size buffer via a
"vsprintf()" call.
Ref: http://www.securityfocus.com/archive/1/508346
______________________________________________________________________
09.51.29 CVE: CVE-2009-4019
Platform: Cross Platform
Title: MySQL Multiple Remote Denial of Service Vulnerabilities
Description: MySQL is an open source SQL database available for
multiple operating systems. MySQL is exposed to multiple remote denial
of service issues. An attacker can exploit these issues to crash the
application, denying access to legitimate users. MySQL versions prior
to 5.0.88 and 5.1.41 are affected.
Ref: http://bugs.mysql.com/bug.php?id=48291
______________________________________________________________________
09.51.30 CVE: CVE-2009-3849
Platform: Cross Platform
Title: HP OpenView Network Node Manager "nnmRptConfig.exe" "strcat()"
Remote Code Execution
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue because the
"nnmRptConfig.exe" CGI process fails to sufficiently sanitize the
"Template" parameter when it is copied into a fixed size buffer via a
"strcat()" call.
Ref: http://www.securityfocus.com/archive/1/508348
______________________________________________________________________
09.51.31 CVE: CVE-2009-3849
Platform: Cross Platform
Title: HP OpenView Network Node Manager "Oid" Parameter Remote Buffer
Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue that occurs because the "snmp.exe"
CGI process fails to sufficiently sanitize the "Oid" parameter.
Ref: http://www.securityfocus.com/archive/1/508349
______________________________________________________________________
09.51.32 CVE: CVE-2009-3845
Platform: Cross Platform
Title: HP OpenView Network Node Manager Perl CGI Executables Remote
Code Execution
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. The application is
exposed to a remote code execution issue that occurs in several Perl
CGI executables distributed with NNM. Specifically these scripts fail
to sanitize the hostname HTTP variable when requests are made to the
application's HTTP server, which listens on TCP port 3443 by default.
NNM versions 7.01, 7.51, and 7.53 are affected.
Ref: http://www.securityfocus.com/archive/1/503024
______________________________________________________________________
09.51.33 CVE: Not Available
Platform: Cross Platform
Title: Codesighs "sscanf()" Remote Buffer Overflow
Description: Codesighs is a Firefox plugin that helps users determine
the code and data size of shared libraries and executables. Codesighs
is exposed to a remote buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied data. This
issue occurs because the application fails to pass a width specifier
to a "sscanf()" function call triggering a buffer overflow in five
different locations of the affected code.
Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=533647
______________________________________________________________________
09.51.34 CVE: Not Available
Platform: Cross Platform
Title: Oracle E-Business Suite Multiple Remote Vulnerabilities
Description: Oracle E-Business Suite is exposed to multiple issues.
Attackers could exploit these issues to steal cookie-based
authentication credentials, perform unauthorized actions, or bypass
certain security restrictions. Other attacks are also possible. Oracle
E-Business Suite versions 10 and 11 are affected.
Ref: http://www.securityfocus.com/archive/1/508432
______________________________________________________________________
09.51.35 CVE: Not Available
Platform: Cross Platform
Title: ZABBIX "NET_TCP_LISTEN()" Security Bypass
Description: ZABBIX is a network monitoring tool available for UNIX,
Linux, and other UNIX like operating systems. The application is
exposed to a security bypass issue that occurs in the
"NET_TCP_LISTEN()" function of the
"libs/zbxsysinfo/(freebsd|solaris)/net.c" source file. Specifically
the "NET.TCP.LISTEN" function allows users to define their own variables
and execute arbitrary commands. ZABBIX versions prior to 1.6.7 are
affected.
Ref: http://www.securityfocus.com/archive/1/508439
______________________________________________________________________
09.51.36 CVE: Not Available
Platform: Cross Platform
Title: Monkey HTTP Daemon Invalid HTTP "Connection" Header Denial of
Service
Description: Monkey HTTP Daemon is an HTTP server for the Linux
platform. Monkey HTTP Daemon is exposed to a denial of service issue
when handling specially crafted GET requests containing an invalid
"Connection" header. Specifically, processing malformed HTTP requests
can result in an integer overflow error, which in turn results in the
application crashing. This issue is the result of an error in the
"Request_Find_Variable()" function in the "request.c" source code
file. Monkey HTTP Daemon versions prior to 0.9.3 are affected.
Ref: http://www.securityfocus.com/archive/1/508442
______________________________________________________________________
09.51.37 CVE: Not Available
Platform: Cross Platform
Title: ZABBIX "process_trap()" NULL Pointer Dereference Denial of
Service
Description: ZABBIX is an IT monitoring system available for multiple
operating platforms. ZABBIX is exposed to a denial of service issue
because of a NULL pointer dereference. This issue affects
"process_trap()" of the "zabbix_server/trapper/trapper.c" source file.
Specifically, when the application invokes "strtok()" on the "s"
string, a NULL pointer dereference can occur. ZABBIX versions prior to
1.6.6 are affected.
Ref: http://www.securityfocus.com/bid/37308
______________________________________________________________________
09.51.38 CVE: Not Available
Platform: Cross Platform
Title: Docutils "rst.el" Insecure Temporary File Creation
Description: Docutils is a package of utilities for working with
document files. The software creates temporary files in an insecure
manner. An attacker with local access could obtain sensitive
information or perform symbolic link attacks to overwrite arbitrary
files in the context of the affected application. Specifically, this
issue affects the emacs mode "reStructuredText" "rst.el" file.
Docutils versions 0.5 and 0.6 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
______________________________________________________________________
09.51.39 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Server Software Desktop Session Handling Local Security
Bypass
Description: Sun Ray Server is a proxy server developed by Sun
Microsystems. The software is exposed to a security bypass issue due
to a failure to properly log out local users. This issue occurs when
"Automatic Multi-Group Hotdesking" is enabled and either "Non
Smartcard Mobility" is not configured or smartcards are used to
access sessions. Sun Ray Server Software version 4.1 running on
Solaris is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-268228-1
______________________________________________________________________
09.51.40 CVE: Not Available
Platform: Cross Platform
Title: Ruby on Rails "protect_from_forgery" Cross-Site Request Forgery
Description: Ruby on Rails is a framework for developing web
applications; it is available for multiple platforms. The application
is exposed to a cross-site request forgery issue. Specifically, this
issue occurs due to an error in the "protect_from_forgery" function.
Ref: http://www.securityfocus.com/bid/37322
______________________________________________________________________
09.51.41 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome DNS Pre Fetching Proxy Cache Information
Disclosure
Description: Google Chrome is a web browser. Chrome is exposed to a
remote information disclosure issue. Specifically, the issue occurs
when using a proxy server. DNS query data is sent to the local DNS
cache instead of the proxy server. This issue may occur regardless of
whether DNS prefetching is enabled, and may be irrelevant only when a
SOCKS proxy is used. Chrome version 3.0.195.33 is affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0324.html
______________________________________________________________________
09.51.42 CVE: CVE-2009-4176
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovsessionmgr.exe" Remote Heap
Buffer Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote heap-based buffer overflow issue that occurs because the
application fails to perform adequate boundary checks on user-supplied
data. Specifically, the application fails to check the length of the
"userid" and "passwd" parameters before copying them into a static
256-byte buffer via a "sprintf()" function call.
Ref: http://www.securityfocus.com/archive/1/508352
______________________________________________________________________
09.51.43 CVE: CVE-2009-4324
Platform: Cross Platform
Title: Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling
PDF files. The software is exposed to a remote code execution issue
when handling specially crafted PDF files. Adobe Reader and Acrobat
versions 9.2 and earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/508357
______________________________________________________________________
09.51.44 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security
Vulnerabilities
Description: IBM DB2 is a database manager. The application is exposed
to multiple issues. The impact of these issues is currently unknown.
IBM DB2 versions 9.5 prior to FP5 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21412902
______________________________________________________________________
09.51.45 CVE: CVE-2009-4136
Platform: Cross Platform
Title: PostgreSQL Index Function Session State Modification Local
Privilege Escalation
Description: PostgreSQL is an open source database for Windows, Unix,
and Linux. PostgreSQL is exposed to a local privilege escalation issue
that arises when session state is modified in an index function.
Exploiting this issue allows local attackers to gain elevated
privileges. PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19,
8.0.23, and 7.4.27 are affected.
Ref: http://www.postgresql.org/about/news.1170
______________________________________________________________________
09.51.46 CVE: CVE-2009-3847
Platform: Cross Platform
Title: HP OpenView Network Node Manager Unspecified Remote Code
Execution
Description: HP OpenView Network Node Manager (NNM) is a
fault-management application for IP networks. NNM is exposed to a
remote code execution issue. An attacker can exploit this issue to
execute arbitrary code with SYSTEM-level privileges. Successful
exploits will completely compromise affected computers.
Ref:
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-119^1155_4000_100
______________________________________________________________________
09.51.47 CVE: CVE-2009-4179
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovalarm.exe" Remote Buffer
Overflow
Description: HP OpenView Network Node Manager (NNM) is a
fault management application for IP networks. NNM is exposed to a
remote stack-based buffer overflow issue in the "ovalarm.exe" CGI
process. This issue occurs because the "Accept-Language" HTTP header
is copied into a fixed length stack buffer, when the "OVABverbose"
POST variable is set.
Ref: http://www.securityfocus.com/archive/1/508355
______________________________________________________________________
09.51.48 CVE: CVE-2009-3987, CVE-2009-3986, CVE-2009-3984,
CVE-2009-3985, CVE-2009-3983, CVE-2009-3389, CVE-2009-3388,
CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982
Platform: Cross Platform
Title: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple
Vulnerabilities
Description: The Mozilla Foundation has released multiple advisories
to address vulnerabilities in Firefox and SeaMonkey. These issues
affect Firefox versions prior to 3.5.6 for the 3.5.x branch and
Firefox versions prior to 3.0.16 for the 3.0.x branch. Versions of
SeaMonkey prior to 2.0.1 are also affected.
Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html
______________________________________________________________________
09.51.49 CVE: CVE-2009-4035
Platform: Cross Platform
Title: Xpdf "FoFiType1::parse" Buffer Overflow
Description: Xpdf is a PDF rendering library. Xpdf is exposed to a
buffer overflow issue because it fails to properly sanitize user
supplied input. The issue affects the "FoFiType1::parse()" function in
the "FoFiType1.cc" file.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=541614
______________________________________________________________________
09.51.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Webmin and Usermin Unspecified Cross-Site Scripting
Description: Webmin is a web-based application for system
administration of UNIX-based computers. Usermin is a web-based
application for administering user-configurable applications. The
applications are exposed to an unspecified cross-site scripting issue
because they fail to sanitize user-supplied input. Webmin versions
prior to 1.500 and Usermin version 1.430 are affected.
Ref: http://www.securityfocus.com/bid/37259
______________________________________________________________________
09.51.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Joomla! You!Hostit! Template Cross-Site Scripting
Description: You!Hostit! template is a component for the Joomla!
content manager. The component is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"created_by_alias" parameter of the "index.php" script. You!Hostit!
template version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/37260
______________________________________________________________________
09.51.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Invision Power Board ".txt" File MIME-Type Cross-Site
Scripting
Description: Invision Power Board is a PHP-based bulletin board. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. The issue occurs
when handling a ".txt" file attachment. Specifically, in Invision Power
Board 2.x the application fails to validate the MIME type of the file,
allowing the filtering mechanism used by the application to be
bypassed. Invision Power Board versions 2.0 to 3.0.4 are affected.
Ref:
http://community.invisionpower.com/topic/300051-invision-power-board-305-released/
______________________________________________________________________
09.51.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zeeways ZeeJobsite "basic_search_result.php" Cross-Site
Scripting
Description: ZeeJobsite is a web-based application. ZeeJobsite is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "title" parameter of the
"basic_search_result.php" script. ZeeJobsite version 3.x is affected.
Ref: http://www.securityfocus.com/bid/37290
______________________________________________________________________
09.51.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Invision Power Board Multiple File MIME-Type Cross-Site
Scripting
Description: Invision Power Board is a PHP-based bulletin board. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. The issue occurs
when handling a ".php", ".rtf", or ".xml" file attachment.
Specifically, Invision Power Board fails to validate the MIME type of
the file, allowing the filtering mechanism used by the application to
be bypassed. Invision Power Board versions 1.3 and 2.2.2 are
affected.
Ref: http://www.securityfocus.com/archive/1/508440
______________________________________________________________________
09.51.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ez Cart "sid" Parameter Cross-Site Scripting
Description: Ez Cart is a shopping cart application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "sid" parameter when
the "action" parameter is set to "showcat".
Ref: http://www.securityfocus.com/bid/37311
______________________________________________________________________
09.51.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Million Pixel "pa" Parameter Cross-Site Scripting
Description: Million Pixel is a web-based application for selling
pixels to advertisers. Million Pixel is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input to
the "pa" parameter of the "index.php" script. Million Pixel Script
versions 3, 3 Pro and 3 Pro Lotto are affected.
Ref: http://www.securityfocus.com/bid/37315
______________________________________________________________________
09.51.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zeeways ZeeLyrics "searchresults_main.php" Cross-Site Scripting
Description: ZeeLyrics is a web-based application. ZeeLyrics is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "keyword" parameter of the
"searchresults_main.php" script.
Ref: http://www.securityfocus.com/bid/37319
______________________________________________________________________
09.51.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Arctic Issue Tracker Search Cross-Site Scripting
Description: Arctic Issue Tracker is a web-based application for
tracking tasks. Arctic Issue Tracker is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input when
performing a search. An attacker may leverage this issue to execute
arbitrary script code in the browser of an unsuspecting user in the
context of the affected site.
Ref: http://www.securityfocus.com/bid/37323
______________________________________________________________________
09.51.59 CVE: CVE-2009-4176
Platform: Web Application - Cross Site Scripting
Title: phpFaber CMS "module.php" Cross-Site Scripting
Description: phpFaber CMS is a content manager. phpFaber CMS is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "mod" parameter of the "module.php" script.
Ref: http://www.securityfocus.com/bid/37329/references
______________________________________________________________________
09.51.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Webmatic Multiple Unspecified SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Webmatic is an application that allows users to develop
web sites. The application is exposed to multiple unspecified
cross-site scripting and SQL injection issues because it fails to
sufficiently sanitize user-supplied data. Webmatic versions prior to
3.0.3 are affected.
Ref: http://www.valarsoft.com/index.php?stage=0&section=5&newsID=165&action=6
______________________________________________________________________
09.51.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine Password Manager Pro Cross-Site Scripting
Description: ManageEngine Password Manager Pro is a web-based
centralized password management and storage application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. The issue occurs
when handling the "searchtext" parameter. Password Manager Pro version
6.1 is affected.
Ref: http://forums.manageengine.com/#Topic/49000003740390
______________________________________________________________________
09.51.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 ListMan Extension Cross-Site Scripting
Description: ListMan is an extension for the TYPO3 content manager.
The extension is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input. ListMan
versions prior to 1.2.2 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/
______________________________________________________________________
09.51.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: APC Switched Rack PDU "login1" Cross-Site Scripting
Description: APC Switched Rack Power Distribution Units (PDU) is a
power control rack. The device's web interface is prone to a
cross-site scripting issue because it fails to sanitize user-supplied
input to the "login_username" parameter of the "login1" script. APC
Switched Rack PDU AP7932 is affected.
Ref: http://www.securityfocus.com/bid/37338
______________________________________________________________________
09.51.64 CVE: CVE-2009-3731
Platform: Web Application - Cross Site Scripting
Title: WebWorks Help Multiple Cross-Site Scripting Vulnerabilities
Description: Webworks Help is an output format that allows online help
to be delivered to users on multiple platforms and browsers. Webworks
Help is exposed to multiple cross-site scripting issues because the
application fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/508484
______________________________________________________________________
09.51.65 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Horde Application Framework Administration Interface Cross-Site
Scripting
Description: Horde Application Framework is a PHP-based application
framework used with other Horde Project products. Horde Application
Framework is exposed to a cross-site scripting issue because it fails
to sufficiently sanitize user-supplied input. Specifically, this issue
affects the administration interface. Horde Framework versions prior
to 3.3.6 are affected.
Ref: http://marc.info/?l=horde-announce&m=126090147727568&w=2
______________________________________________________________________
09.51.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_job" Component "id" Parameter SQL Injection
Description: "com_job" is a PHP-based component for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37254
______________________________________________________________________
09.51.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Real Estate Portal "Username" Field SQL Injection
Description: Real Estate Portal is a web-based application implemented
in PHP. It is used to publish real-estate listings. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "Username" field when logging into
the affected application.
Ref: http://www.securityfocus.com/bid/37265
______________________________________________________________________
09.51.68 CVE: CVE-2009-4237, CVE-2009-4238
Platform: Web Application - SQL Injection
Title: TestLink Cross-Site Scripting and SQL Injection Vulnerabilities
Description: TestLink is a PHP-based testing suite. The application is
exposed to multiple input validation issues.
TestLink versions prior to 1.8.5 are affected.
Ref:
http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
______________________________________________________________________
09.51.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_jphoto" Component "id" Parameter SQL Injection
Description: "com_jphoto" is a PHP-based component for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_jphoto" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/37279
______________________________________________________________________
09.51.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! JS Jobs Component Multiple SQL Injection
Vulnerabilities
Description: The JS Jobs component is a PHP-based application for the
Joomla! content manager. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "oi" and "md" parameters of the "com_jsjobs"
component before using it in an SQL query. JS Jobs version 1.0.5.6 is
affected.
Ref: http://www.securityfocus.com/bid/37281
______________________________________________________________________
09.51.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ManageEngine OpManager "overview.do" SQL Injection
Description: ManageEngine OpManager is an application for monitoring and
managing networks. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input before using
it in an SQL query. Specifically, the application fails to sanitize
data supplied to the "requestType" parameter of the "overview.do"
script.
Ref: http://www.securityfocus.com/bid/37289
______________________________________________________________________
09.51.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Digital Scribe Multiple SQL Injection Vulnerabilities
Description: Digital Scribe is a PHP-based content manager for teachers.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "ID"
parameter of the "stuworkdisplay.php" script before using the data in
an SQL query. Digital Scribe version 1.4.1 is affected.
Ref: http://www.securityfocus.com/archive/1/508410
______________________________________________________________________
09.51.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VirtueMart "product_id" Parameter SQL Injection
Description: VirtueMart is a web-based shopping application.
VirtueMart is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. This issue affects the "product_id" parameter when the
"flypage" parameter is set to "shop.flypage" and the "page" parameter is
set to "shop.product_details". VirtueMart version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/37317
______________________________________________________________________
09.51.74 CVE: Not Available
Platform: Web Application
Title: Drupal Randomizer Module HTML Injection
Description: Randomizer is a random number generation module for the
Drupal content manager. The Randomizer module for Drupal is exposed to
an HTML injection issue because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
Randomizer versions 5.x-1.0 and 6.x-1.0 are affected.
Ref: http://drupal.org/node/655668
______________________________________________________________________
09.51.75 CVE: Not Available
Platform: Web Application
Title: Joomla! Mamboleto Component "mamboleto.php" Remote File Include
Description: Mamboleto is a component for the Joomla! content manager.
The component is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"mosConfig_absolute_path" parameter of the "mamboleto.php" script.
Mamboleto version 2.0.RC3 is affected.
Ref: http://www.securityfocus.com/bid/37280
______________________________________________________________________
09.51.76 CVE: Not Available
Platform: Web Application
Title: Zen Cart "extras/curltest.php" Information Disclosure
Description: Zen Cart is a content manager. The application is exposed
to an information disclosure issue because it fails to sufficiently
sanitize user-supplied input to the "url" parameter of the
"extras/curltest.php" script before passing it to the "curl"
application. This can be used in conjunction with the "file://"
protocol to access local files.
Ref: http://www.zen-cart.com/forum/showthread.php?t=142784
______________________________________________________________________
09.51.77 CVE: Not Available
Platform: Web Application
Title: ZABBIX Denial of Service and SQL Injection Vulnerabilities
Description: ZABBIX is an IT monitoring system available for multiple
operating platforms. ZABBIX is exposed to multiple remote issues.
Successful exploits may allow remote attackers to cause the affected
application to crash, compromise the application, access or modify
data, or exploit latent vulnerabilities in the underlying database.
ZABBIX versions prior to 1.6.6 are affected.
Ref: http://www.securityfocus.com/bid/37309
______________________________________________________________________
09.51.78 CVE: Not Available
Platform: Web Application
Title: Piwik "unserialize()" PHP Code Execution
Description: Piwik is a PHP-based wiki application. Piwik is exposed
to an issue that lets remote attackers execute arbitrary code because
the application fails to sanitize user-supplied input. This issue
affects the "unserialize()" function of the "core/Cookie.php" script.
Piwik versions prior to 0.5 are affected.
Ref:
http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html
______________________________________________________________________
09.51.79 CVE: Not Available
Platform: Web Application
Title: Open Flash Chart "ofc_upload_image.php" Remote PHP Code
Execution
Description: Open Flash Chart is a PHP-based chart application. Open
Flash Chart is exposed to a remote code execution issue because the
application fails to sanitize user-supplied input to the "name" and
"HTTP_RAW_POST_DATA" parameters in the "ofc_upload_image.php" script when
verifying file extensions. This issue can be exploited to create
arbitrary files and execute arbitrary PHP code. Open Flash Chart 2
Beta 1 and Open Flash Chart 2 are affected.
Ref:
http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/
______________________________________________________________________
09.51.80 CVE: Not Available
Platform: Web Application
Title: DigitalHive "base.php" Arbitrary File Upload
Description: DigitalHive is PHP-based forum software. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize file extensions before uploading files to the
webserver via the "base.php" script.
Ref: http://www.securityfocus.com/bid/37320
______________________________________________________________________
09.51.81 CVE: Not Available
Platform: Web Application
Title: Smart PHP Subscriber Multiple Information Disclosure
Vulnerabilities
Description: Smart PHP Subscriber is a PHP-based mailing list manager.
The application is exposed to multiple information disclosure issues.
An attacker can exploit these issues to gain access to sensitive
information. Information obtained may lead to other attacks.
Ref: http://www.securityfocus.com/bid/37324
______________________________________________________________________
09.51.82 CVE: Not Available
Platform: Web Application
Title: phpldapadmin "cmd.php" Local File Include
Description: phpldapadmin is a web-based application for administering
LDAP servers. The application is exposed to a local file include issue
because it fails to sufficiently sanitize user-supplied input to the
"cmd" parameter of the "cmd.php" script. phpldapadmin version 1.1.0.5
is affected.
Ref: http://www.securityfocus.com/bid/37327
______________________________________________________________________
09.51.83 CVE: Not Available
Platform: Web Application
Title: TYPO3 Watchdog (aba_watchdog) Unspecified Information
Disclosure
Description: TYPO3 Watchdog (aba_watchdog) is an extension for the
TYPO3 content manager. The extension is exposed to an unspecified
information disclosure issue. Attackers can exploit this issue to
harvest sensitive information that may lead to further attacks.
Watchdog versions prior to 2.0.3 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/
______________________________________________________________________
09.51.84 CVE: Not Available
Platform: Network Device
Title: SEIL/B1 PPP Access Concentrator Authentication Bypass
Description: SEIL/B1 is a network router. SEIL/B1 includes a PPP
Access Concentrator function, which supports the CHAP and MS-CHAP-V2
authentication protocols. The device is exposed to an authentication
bypass issue affecting CHAP and MS-CHAP-V2 authentication.
Specifically, the same challenge is used for all authentication
requests. This may allow attackers to perform a replay attack against
the device and gain access to the network. SEIL/B1 versions prior to
2.60 are affected.
Ref: http://jvn.jp/en/jp/JVN49602378/index.html
______________________________________________________________________
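The SEIL/B1 entry above turns on a single protocol property: a CHAP challenge
is only a replay defence if the authenticator never reuses it. The following
is an added example, not code from the bulletin, from the vendor or from
JVN: it parses CHAP Challenge packets in the RFC 1994 wire format and flags
any challenge value that appears more than once, which is the check a
defender would run over a capture of PPP traffic to spot exactly this class
of weakness. The capture it works on is constructed inline (the hex values,
identifiers and peer names are invented for the demonstration and are not
taken from the affected device).

```python
import struct
from collections import defaultdict

# CHAP packet codes (RFC 1994, section 4)
CHAP_CHALLENGE = 1
CHAP_RESPONSE = 2


def parse_chap_challenge(pkt: bytes):
    """Parse one CHAP Challenge packet.

    Wire layout (RFC 1994 4.1): Code(1) Identifier(1) Length(2)
    Value-Size(1) Value(Value-Size) Name(rest).
    Returns (identifier, challenge_value, name); raises ValueError on
    anything that is not a well-formed Challenge.
    """
    if len(pkt) < 5:
        raise ValueError("packet too short for a CHAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != CHAP_CHALLENGE:
        raise ValueError(f"not a CHAP Challenge (code {code})")
    if length != len(pkt):
        raise ValueError("Length field does not match packet size")
    value_size = pkt[4]
    if value_size == 0 or 5 + value_size > length:
        raise ValueError("invalid Value-Size")
    value = pkt[5:5 + value_size]
    name = pkt[5 + value_size:length]
    return ident, value, name


def build_chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Build a CHAP Challenge/Response packet; used here only to construct sample data."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name


def find_reused_challenges(packets):
    """Return {challenge_hex: [identifiers]} for every challenge value seen
    in more than one Challenge packet. Non-Challenge or malformed packets
    are skipped, so the function can be fed a raw mixed capture."""
    seen = defaultdict(list)
    for pkt in packets:
        try:
            ident, value, _name = parse_chap_challenge(pkt)
        except ValueError:
            continue
        seen[value.hex()].append(ident)
    return {v: ids for v, ids in seen.items() if len(ids) > 1}


# Constructed sample capture (hypothetical values, not real device traffic).
# The first authenticator repeats one challenge across three sessions, the
# way the bulletin describes; the second one issues a fresh value.
FIXED_CHALLENGE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
FRESH_CHALLENGE = bytes.fromhex("a3f1c9d8e7b6a5948372615049382716")

SAMPLE_CAPTURE = [
    build_chap_packet(CHAP_CHALLENGE, 0x01, FIXED_CHALLENGE, b"ac-one"),
    build_chap_packet(CHAP_RESPONSE, 0x01, b"\x00" * 16, b"peer-a"),  # skipped
    build_chap_packet(CHAP_CHALLENGE, 0x02, FIXED_CHALLENGE, b"ac-one"),
    build_chap_packet(CHAP_CHALLENGE, 0x03, FRESH_CHALLENGE, b"ac-two"),
    build_chap_packet(CHAP_CHALLENGE, 0x04, FIXED_CHALLENGE, b"ac-one"),
]


if __name__ == "__main__":
    for challenge, idents in find_reused_challenges(SAMPLE_CAPTURE).items():
        print(f"challenge {challenge} reused in sessions {idents}: "
              "responses to it can be replayed")
```

Running the block reports the fixed challenge as reused in sessions 1, 2 and 4
and stays silent about the fresh one. In a real deployment the same logic
applies to challenges extracted from a PPP capture, and the fix on the
authenticator side is the one the bulletin implies: a fresh, unpredictable
challenge per authentication request.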
09.51.85 CVE: Not Available
Platform: Network Device
Title: IntelliCom NetBiter webSCADA Multiple Default Password Security
Bypass Vulnerabilities
Description: IntelliCom NetBiter webSCADA devices are web gateway
hardware devices. IntelliCom NetBiter webSCADA devices are exposed to
multiple security bypass issues due to hardcoded default passwords.
These passwords may be obtained by downloading and analyzing the
device firmware images, which are "gzip" files with an additional
header.
Ref: http://www.securityfocus.com/archive/1/508449
______________________________________________________________________
(c) 2009. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAksrfn8ACgkQ+LUG5KFpTkZEAACfYYo6dyHS0q1JqFr3mxKSKwYr
ylMAoJjSr6PtaTJTbEPRD2uTWASWjZuP
=mm31
-----END PGP SIGNATURE-----