@RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 22

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Fri May 28 2010 - 11:00:02 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************
      @RISK: The Consensus Security Vulnerability Alert
May 27th, 2010 Vol. 9. Week 22
******************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
- ------------------------                -------------------------------------

Windows                                    1 (#5)
Third Party Windows Apps                   8
Mac Os                                     2 (#3)
Linux                                      3
HP-UX                                      1 (#2)
Solaris                                    3 (#2)
Cross Platform                            29 (#1,#2,#4)
Web Application - Cross Site Scripting    20
Web Application - SQL Injection           16
Web Application                           27
Network Device                             2


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) HIGH: Google Chrome Memory Corruption and Security Bypass Vulnerabilities
(2) HIGH: Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
(3) HIGH: Apple Mac OS X Java Multiple Remote Code Execution Vulnerabilities
(4) MODERATE: Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
(5) MODERATE: Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
10.22.1 - Microsoft Windows Canonical Display Driver Remote Code Execution
 -- Third Party Windows Apps
10.22.2 - Attachmate Reflection X ActiveX Control "ControlID" Buffer Overflow
10.22.3 - yPlay ".mp3" File Remote Buffer Overflow
10.22.4 - Pico MP3 Player Multiple Remote Buffer Overflow Vulnerabilities
10.22.5 - Sonique ".pls" File Remote Buffer Overflow
10.22.6 - Rumba FTP Client "FTPSFtp.dll" ActiveX Control Buffer Overflow
10.22.7 - SyncBack Profile File Remote Buffer Overflow
10.22.8 - SnugServer FTP Directory Traversal
10.22.9 - Open&Compact FTP Server Multiple Command Remote Denial of Service Vulnerabilities
 -- Mac Os
10.22.10 - Apple Mac OS X Java "mediaLibImage" Object Handling Remote Code Execution
10.22.11 - Apple Mac OS X Java Window Drawing Handling Remote Code Execution
 -- Linux
10.22.12 - Linux Kernel Btrfs Cloned File Security Bypass
10.22.13 - Linux Mint "mintUpdate" Insecure Temporary File Creation
10.22.14 - Linux Kernel GFS2 File Attribute Security Bypass
 -- HP-UX
10.22.15 - HP-UX ONCplus Unspecified Remote Privilege Escalation
 -- Solaris
10.22.16 - Sun Solaris Nested Directory Tree Local Denial of Service
10.22.17 - Sun Solaris "in.ftpd" Long Command Handling Security
10.22.18 - Sun Solaris Multiple libc Numeric Conversion Functions Buffer Overflow Vulnerabilities
 -- Cross Platform
10.22.19 - TeamViewer Remote Buffer Overflow
10.22.20 - Orbit Downloader Metalink File Directory Traversal
10.22.21 - Dell OpenManage "file" Parameter URI Redirection
10.22.22 - e107 BBCode Arbitrary PHP Code Execution
10.22.23 - McAfee Email Gateway "systemWebAdminConfig.do" Remote Security Bypass
10.22.24 - Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass
10.22.25 - SwiFTP "STOR" Command Remote Buffer Overflow
10.22.26 - SquirrelMail "mail_fetch" Remote Information Disclosure
10.22.27 - Perl Safe Module "reval()" and "rdo()" Restriction Bypass Vulnerabilities
10.22.28 - 3Com Intelligent Management Center Multiple Vulnerabilities
10.22.29 - PostgreSQL "RESET ALL" Unauthorized Access
10.22.30 - FileCOPA FTP Server Directory Traversal
10.22.31 - ClamAV "cli_pdf()" PDF File Processing Denial of Service
10.22.32 - IBM WebSphere Application Server "response.sendRedirect" Remote Denial of Service
10.22.33 - IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass
10.22.34 - IBM WebSphere Application Server Nodeagent/Deployment Manager Remote Denial of Service
10.22.35 - SolarWinds TFTP Server "Read" Request (Opcode 0x01) Denial of Service
10.22.36 - DotNetNuke Remote Arbitrary File Upload
10.22.37 - Kingsoft Webshield "KAVSafe.sys" Driver IOCTL Handling Local Privilege Escalation
10.22.38 - Apache Axis2 "xsd" Parameter Directory Traversal
10.22.39 - Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
10.22.40 - Simple:Press Plugin for WordPress Security Bypass and Arbitrary File Upload Vulnerabilities
10.22.41 - TinyBrowser Remote File Upload
10.22.42 - Python "rgbimg" Module ZSIZE Value Buffer Underflow
10.22.43 - Python "rgbimg" Module "rv" Array Buffer Overflow
10.22.44 - Python "rgbimg" RLE Decoder Multiple Buffer Overflow Vulnerabilities
10.22.45 - Google Chrome prior to 5.0.375.55 Multiple Security Vulnerabilities
10.22.46 - Ghostscript "./Encoding/" Search Path Local Privilege Escalation
10.22.47 - HP TestDirector for Quality Center Unauthorized Access
 -- Web Application - Cross Site Scripting
10.22.48 - FunkGallery "index.php" Cross-Site Scripting
10.22.49 - Shopzilla Affiliate Script PHP "search.php" Cross-Site Scripting
10.22.50 - Caucho Resin Professional "resin-admin/digest.php" Multiple Cross-Site Scripting Vulnerabilities
10.22.51 - ManageEngine ADAudit Plus "reportList" Parameter Cross-Site Scripting
10.22.52 - PHP F1 Max's Site Protector "index.php" Cross-Site Scripting
10.22.53 - SoftDirec "delete_confirm.php" Cross-Site Scripting
10.22.54 - Drupal download_count Module Cross-Site Scripting
10.22.55 - Private Message Module For Drupal Delete User Cross-Site Request Forgery
10.22.56 - User Queue Module For Drupal Delete User Cross-Site Request Forgery
10.22.57 - Drupal External Link Page Module Cross-Site Scripting
10.22.58 - StivaSoft Stiva SHOPPING CART "demo.php" Cross-Site Scripting
10.22.59 - Triburom "forum.php" Cross-Site Scripting
10.22.60 - Apache Axis2 "engagingglobally" Cross-Site Scripting
10.22.61 - NPDS Revolution "admin.php" Cross-Site Request Forgery
10.22.62 - Cacti Multiple Cross-Site Scripting Vulnerabilities
10.22.63 - gpEasy CMS "editing_files.php" Cross-Site Scripting
10.22.64 - PHP Calendar Multiple Cross-Site Scripting Vulnerabilities
10.22.65 - U.S.Robotics USR5463 Firmware "/cgi-bin/setup_ddns.exe" Cross-Site Request Forgery
10.22.66 - Mono "EnableViewStateMac" Cross-Site Scripting
10.22.67 - ManageEngine ADManager Plus "computerName" Parameter Cross-Site Scripting
 -- Web Application - SQL Injection
10.22.68 - Debliteck DBCMS "article.php" SQL Injection
10.22.69 - MigasCMS "function.php" SQL Injection
10.22.70 - Debliteck DBCMS "section.php" SQL Injection
10.22.71 - Web 2.0 Social Network Freunde Community System "user.php" SQL Injection
10.22.72 - MoME CMS Login "username" Field SQL Injection
10.22.73 - Renista CMS "Default.aspx" SQL Injection
10.22.74 - Specialized Data Systems Parent Connect Multiple SQL Injection Vulnerabilities
10.22.75 - ConPresso CMS "firma.php" SQL Injection
10.22.76 - PSI CMS "index.php" Multiple SQL Injection Vulnerabilities
10.22.77 - ECShop "search.php" SQL Injection
10.22.78 - NITRO Web Gallery "PictureId" Parameter SQL Injection
10.22.79 - WebAsyst Shop-Script "index.php" SQL Injection
10.22.80 - cyberhost "default.asp" SQL Injection
10.22.81 - BLOX CMS "c" Parameter SQL Injection
10.22.82 - WebAsyst "blog_id" parameter SQL Injection
10.22.83 - CU Village CMS Site "index.php" SQL Injection
 -- Web Application
10.22.84 - DataTrack System "Home.aspx" HTML Injection
10.22.85 - Battle Scrypt "upload.php" Remote Arbitrary File Upload
10.22.86 - Wordpress Import Drupal Module Unauthorized Access
10.22.87 - Drupal CAPTCHA Module Description HTML Injection
10.22.88 - Drupal Heartbeat Module Multiple HTML Injection Vulnerabilities
10.22.89 - Drupal Menu Block Split Module HTML Injection
10.22.90 - Drupal Weather Underground Module Block Subject HTML Injection
10.22.91 - Drupal osCommerce Module HTML Injection
10.22.92 - Drupal Comment Page Module Multiple HTML Injection Vulnerabilities
10.22.93 - Drupal Comment Page Module Security Bypass
10.22.94 - Snipe Gallery "cfg_admin_path" Parameter Multiple Remote File Include Vulnerabilities
10.22.95 - Drupal Rotor Banner Module Multiple HTML Injection Vulnerabilities
10.22.96 - Panels Module For Drupal Arbitrary PHP Code Execution
10.22.97 - Drupal Storm Project HTML Injection
10.22.98 - Drupal Simplenews Module Subscribe To Newsletters Security Bypass
10.22.99 - U.S.Robotics USR5463 Firmware "setup_ddns.exe" HTML Injection
10.22.100 - Drupal False Account Detector Module Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
10.22.101 - Horde IMP Remote Information Disclosure
10.22.102 - Spaw Editor "spawfm" Module Arbitrary File Upload
10.22.103 - DotNetNuke User Messaging Module HTML Injection
10.22.104 - Lisk CMS "id" Parameter Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
10.22.105 - phpBB "posting.php" Unspecified Security
10.22.106 - Alibaba Clone Script SQL Injection and Cross-Site Scripting
10.22.107 - JV2 Folder Gallery "gallery.php" Remote File Include
10.22.108 - Webby HTTP GET Request Buffer Overflow
10.22.109 - BigACE Cross-Site Request Forgery and HTML Injection Vulnerabilities
10.22.110 - OpenForum "saveAsAttachment()" Method Arbitrary File Creation
 -- Network Device
10.22.111 - D-Link DI-724P+ Router "wlap.htm" HTML Injection
10.22.112 - Cisco DPC2100 Multiple Security Bypass and Cross-Site Request Forgery Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) HIGH: Google Chrome Memory Corruption and Security Bypass Vulnerabilities
Affected:
Google Chrome prior to 5.0.375.55

Description: Two memory corruption vulnerabilities and a security bypass
vulnerability have been reported in Google Chrome. The two memory
corruption vulnerabilities are unspecified, but memory corruption
vulnerabilities should always be taken seriously since they sometimes
allow code execution. The security bypass vulnerability allows
JavaScript to be executed with the same permissions as a Chrome
extension. JavaScript is normally run with reduced permissions inside a
browser sandbox.

Status: vendor confirmed, updates available

References:
Vendor Home Page
http://www.google.com
Google Chrome Stable Channel Update
http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html
SecurityFocus BID
http://www.securityfocus.com/bid/40367/references

*************************************************************

(2) HIGH: Multiple Vendor 'rpc.pcnfsd' Integer Overflow Vulnerability
Affected:
SGI IRIX 6.5 20
SGI IRIX 6.5 .19m
SGI IRIX 6.5 .19f
SGI IRIX 6.5
IBM Virtual I/O Server (VIOS) 2.1
IBM Virtual I/O Server (VIOS) 1.5.2
IBM Virtual I/O Server (VIOS) 2.1
IBM Virtual I/O Server (VIOS) 1.5
IBM AIX 6.1.3
IBM AIX 6.1.2
IBM AIX 6.1.1
IBM AIX 5.3.10
IBM AIX 5.3.9
IBM AIX 5.3.8
IBM AIX 5.3.7
IBM AIX 5.3 L
IBM AIX 6.1
IBM AIX 5.3
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11

Description: A vulnerability has been reported in HP-UX, SGI IRIX, and
IBM AIX that could allow a remote unauthenticated attacker to execute
arbitrary code on a target's machine. The problem is in the rpc.pcnfsd
daemon, which contains an integer overflow vulnerability. Successful
exploitation will result in code executing with root permissions.

Status: vendor confirmed, updates available

References:
Vendor Home Page
http://www.hp.com
http://www.ibm.com
http://www.sgi.com
HP Security Bulletin
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02115103
IBM Technical Bulletin
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
SecurityFocus BID
http://www.securityfocus.com/bid/40248
Vupen Security Advisory
http://www.vupen.com/english/advisories/2010/1212

*************************************************************

(3) HIGH: Apple Mac OS X Java Multiple Remote Code Execution Vulnerabilities
Affected:
Mac OS X 10.5.8 (and prior versions)
Mac OS X Server 10.5.8 (and prior versions)
Mac OS X 10.6.3 (and prior versions)
Mac OS X Server 10.6.3 (and prior versions)

Description: Mac OS X is a popular operating system for Apple computers.
Two vulnerabilities have been reported in its handling of Java applets.
The first issue concerns malicious 'mediaLibImage' objects and the
second involves window drawing. An attacker who successfully exploits
either vulnerability can execute arbitrary code with the permissions of
the affected software.

Status: vendor confirmed, updates available

References:
Vendor Home Page
http://www.apple.com
SecurityFocus BID
http://www.securityfocus.com/bid/40238
http://www.securityfocus.com/bid/40240

*************************************************************

(4) MODERATE: Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
Affected:
Ziproxy Ziproxy 3.0

Description: Ziproxy is a non-caching, open-source, lightweight web
proxy. Two integer overflow vulnerabilities have been reported in
Ziproxy. A remote attacker can exploit these vulnerabilities by causing the
proxy to process malicious JPEG or PNG files. Successful exploitation
will result in code execution with the permissions of the Ziproxy server
process.

Status: vendor confirmed, updates available

References:
Vendor Home Page
http://ziproxy.sourceforge.net/
SecurityFocus BID
http://www.securityfocus.com/bid/40344

*************************************************************

(5) MODERATE: Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability
Affected:
Windows 7 for x64-based systems
Windows Server 2008 R2 for x64-based systems
Windows Server 2008 R2 for Itanium-based systems

Description: When the Windows "Aero" theme is installed, Microsoft's
Canonical Display Driver (cdd.dll) does not properly parse user-mode
data. An attacker can exploit this vulnerability by causing the target
system to run malicious data through the driver, for example by sending
a malicious image.
Code execution is a theoretical possibility, but Microsoft notes that
the code is protected by randomization.

Status: vendor confirmed, updates available

References:
Vendor Home Page
http://www.microsoft.com
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/2028859.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/40237
Common Vulnerabilities and Exposures
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3678

*************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

Week 22, 2010
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 9546 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

10.22.1 CVE: CVE-2009-3678
Platform: Windows
Title: Microsoft Windows Canonical Display Driver Remote Code
Execution
Description: Microsoft Windows is exposed to a remote code execution
issue that affects the Canonical Display Driver. The vulnerable code
resides in the "cdd.dll" library file. Specifically, the vulnerable
driver fails to properly parse information passed from user to kernel
space.
Ref: http://www.microsoft.com/technet/security/advisory/2028859.mspx
______________________________________________________________________

10.22.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Attachmate Reflection X ActiveX Control "ControlID" Buffer
Overflow
Description: Attachmate Reflection X is an ActiveX control that provides
terminal functionality for remote systems. The Attachmate Reflection X
control is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Attachmate
Reflection X versions 13.0 and 14.0 and Attachmate Reflection Standard
Suite 2008 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

10.22.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: yPlay ".mp3" File Remote Buffer Overflow
Description: yPlay is a media player for Microsoft Windows. yPlay is
exposed to a remote buffer overflow issue because it fails to perform
adequate checks on user-supplied input. Specifically, this issue
occurs when opening a specially crafted ".mp3" file. yPlay version
1.0.76 is affected.
Ref: http://www.securityfocus.com/bid/40301/references
______________________________________________________________________

10.22.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Pico MP3 Player Multiple Remote Buffer Overflow Vulnerabilities
Description: Pico MP3 Player is an MP3 player for Microsoft Windows.
Pico MP3 Player is exposed to multiple remote buffer overflow issues
because it fails to perform adequate checks on user-supplied input.
Specifically, these issues occur when opening specially crafted ".mp3"
and ".pls" files. Pico MP3 Player version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40303/references
______________________________________________________________________

10.22.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sonique ".pls" File Remote Buffer Overflow
Description: Sonique is a media player for Microsoft Windows. Sonique
is exposed to a remote buffer overflow issue because it fails to
perform adequate checks on user-supplied input. Specifically, this
issue occurs when opening a specially crafted ".pls" file.
Sonique version 2.0 Beta Build 103 is affected.
Ref: http://www.securityfocus.com/bid/40306/references
______________________________________________________________________

10.22.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Rumba FTP Client "FTPSFtp.dll" ActiveX Control Buffer Overflow
Description: Rumba FTP client is an FTP client for Microsoft Windows.
The "FTPSFtp.dll" ActiveX control is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data to the "OpenSession()" method. The issue affects Rumba FTP client
version 4.2.0.0.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

10.22.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: SyncBack Profile File Remote Buffer Overflow
Description: SyncBack is a backup application. SyncBack is exposed to
a remote stack-based buffer overflow issue because it fails to perform
adequate checks on user-supplied input. Specifically, this issue
occurs when importing profiles from specially crafted ".sps" or ".zip"
files. SyncBack version 3.2.20 is affected.
Ref: http://www.2brightsparks.com/freeware/changes.html
______________________________________________________________________

10.22.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: SnugServer FTP Directory Traversal
Description: SnugServer is a Windows-based FTP server. The application
is exposed to a directory traversal issue because it fails to
sufficiently sanitize directory traversal strings from user-supplied
commands. SnugServer version 4.3.0.126 is affected.
Ref: http://www.securityfocus.com/bid/40313/references
______________________________________________________________________

10.22.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Open&Compact FTP Server Multiple Command Remote Denial of
Service Vulnerabilities
Description: Open&Compact FTP Server is an FTP server available for
Microsoft Windows. The application is exposed to multiple
denial of service issues because the application fails to perform
adequate boundary checks on user-supplied data to the FTP commands.
Open&Compact FTP Server version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/40366/references
______________________________________________________________________

10.22.10 CVE: CVE-2010-0538
Platform: Mac Os
Title: Apple Mac OS X Java "mediaLibImage" Object Handling Remote Code
Execution
Description: Apple Mac OS X is exposed to an issue that lets attackers
run arbitrary code because the software fails to properly handle Java
applets containing malicious "mediaLibImage" objects. Memory can become
corrupted because of an out-of-bounds error in the
"com.sun.medialib.mlib" package. This issue affects Mac OS X 10.6.3 and
prior versions.
Ref: http://www.securityfocus.com/bid/40238/info
______________________________________________________________________

10.22.11 CVE: CVE-2010-0539
Platform: Mac Os
Title: Apple Mac OS X Java Window Drawing Handling Remote Code
Execution
Description: Apple Mac OS X is exposed to an issue that lets attackers
run arbitrary code because the software fails to properly handle
window drawing in specially crafted Java applets. This issue occurs
because of an unspecified signedness error. Successful exploits will
allow an attacker to run arbitrary code in the context of the affected
software.
Ref: http://www.securityfocus.com/bid/40240
______________________________________________________________________

10.22.12 CVE: Not Available
Platform: Linux
Title: Linux Kernel Btrfs Cloned File Security Bypass
Description: The Linux Kernel is exposed to a security bypass issue
that affects the Btrfs filesystem implementation. Specifically, this
issue affects the "btrfs_ioctl_clone()" IOCTL which fails to verify
if the source file descriptor has been opened for reading before it
was copied.
Ref: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585
______________________________________________________________________

10.22.13 CVE: Not Available
Platform: Linux
Title: Linux Mint "mintUpdate" Insecure Temporary File Creation
Description: LinuxMint is a GNU/Linux desktop distribution. The
LinuxMint "mintUpdate" tool creates temporary files in the
"/tmp/mintUpdate/" directory in an insecure manner. Successfully
mounting a symlink attack may allow the attacker to delete or corrupt
sensitive files, which may result in a denial of service.
Ref: http://www.securityfocus.com/bid/40296
______________________________________________________________________

10.22.14 CVE: Not Available
Platform: Linux
Title: Linux Kernel GFS2 File Attribute Security Bypass
Description: The Linux kernel is exposed to a security bypass issue
affecting the GFS2 file system. Specifically, the "setflags" IOCTL
fails to properly verify file ownership when setting file attributes.
This issue affects the "do_gfs2_set_flags()" function in the
"fs/gfs2/file.c" source code file.
Ref:
http://www.linux-archive.org/cluster-development/375481-gfs2-fix-permissions-checking-setflags-ioctl.html
______________________________________________________________________

10.22.15 CVE: CVE-2010-1039
Platform: HP-UX
Title: HP-UX ONCplus Unspecified Remote Privilege Escalation
Description: HP-UX is a UNIX-based operating system. The ONCplus
package provides distributed applications such as NFS, AutoFS,
CacheFS, and NIS. The application is exposed to an unspecified remote
privilege escalation issue. HP-UX versions B.11.11, B.11.23, and
B.11.31 running NFS/ONCplus B.11.31_09 are affected.
Ref: http://www.securityfocus.com/archive/1/511342
______________________________________________________________________

10.22.16 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Nested Directory Tree Local Denial of Service
Description: Sun Solaris is exposed to a local denial of service issue
because it fails to properly handle deeply nested directories with
certain filesystem commands. Specifically, when running the "rm" and
"find" commands on a directory that is nested 8000 or more times, a
segfault occurs. Other commands may also be affected. Sun Solaris 10
is affected.
Ref: http://securityreason.com/achievement_securityalert/85
______________________________________________________________________

10.22.17 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "in.ftpd" Long Command Handling Security
Description: Sun Solaris "in.ftpd" FTP server is exposed to a security
issue that allows attackers to perform cross-site request forgery
attacks. The issue stems from an error in processing long FTP
commands. The application truncates an overly long FTP command and
interprets the remaining string as a new FTP command. Sun Solaris 10
version 10/09 and OpenSolaris version 2009.06 are affected.
Ref: http://www.securityfocus.com/bid/40320/references
______________________________________________________________________

10.22.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Multiple libc Numeric Conversion Functions Buffer
Overflow Vulnerabilities
Description: Sun Solaris is exposed to a buffer overflow issue affecting
multiple functions in the libc library. This issue affects the
"econvert()" and "fconvert()" functions called by "ecvt()" and "fcvt()",
respectively. Similar functions may also be affected. Solaris 10 is
affected.
Ref: http://securityreason.com/achievement_securityalert/86
______________________________________________________________________

10.22.19 CVE: Not Available
Platform: Cross Platform
Title: TeamViewer Remote Buffer Overflow
Description: TeamViewer is a remote desktop sharing application
available for multiple operating systems. TeamViewer is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. This issue occurs when handling
a maliciously crafted large string sent to the listening network port
of the application. TeamViewer version 5.0.8232 is affected.
Ref: http://www.securityfocus.com/bid/40242
______________________________________________________________________

10.22.20 CVE: Not Available
Platform: Cross Platform
Title: Orbit Downloader Metalink File Directory Traversal
Description: Orbit Downloader is a downloading application for music,
video and other files. Orbit Downloader is exposed to a directory
traversal issue because the application fails to sufficiently sanitize
user-supplied input. Specifically, the application fails to sanitize
directory-traversal strings (../) from the "name" attribute of the "file"
element in the metalink files. Orbit Downloader versions 3.0.0.4 and
3.0.0.5 are affected.
Ref: http://www.securityfocus.com/bid/40245
______________________________________________________________________

10.22.21 CVE: Not Available
Platform: Cross Platform
Title: Dell OpenManage "file" Parameter URI Redirection
Description: Dell OpenManage is a collection of network and systems
management applications. OpenManage is exposed to an open redirection
issue because it fails to properly sanitize user-supplied input to the
"file" parameter of the "servlet/HelpViewer" application. OpenManage
versions 5.5 and 6.2 are affected.
Ref: http://www.securityfocus.com/bid/40247
______________________________________________________________________

10.22.22 CVE: Not Available
Platform: Cross Platform
Title: e107 BBCode Arbitrary PHP Code Execution
Description: e107 is a PHP-based content manager. e107 is exposed to a
remote PHP code execution issue because it fails to properly restrict
access to BBCode functionality. Specifically, attackers can bypass
access restrictions by accessing certain scripts indirectly. e107
versions 0.7.20 and prior are affected.
Ref:
http://www.php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html
______________________________________________________________________

10.22.23 CVE: Not Available
Platform: Cross Platform
Title: McAfee Email Gateway "systemWebAdminConfig.do" Remote Security
Bypass
Description: McAfee Email Gateway (formerly IronMail) is an email
gateway security application. The application is exposed to a
security bypass issue. Specifically, the
"admin/systemWebAdminConfig.do" script fails to properly perform
user-profile checks. McAfee Email Gateway version 6.7.1 is affected.
Ref:
http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf
______________________________________________________________________

10.22.24 CVE: CVE-2010-1626
Platform: Cross Platform
Title: Oracle MySQL DROP TABLE MyISAM Symbolic Link Local Security
Bypass
Description: Oracle MySQL is an open source SQL database available for
multiple operating systems. MySQL is exposed to a security bypass
issue because of an error when handling symbolic links between MyISAM
files. MySQL versions prior to 5.1.46 are affected.
Ref: http://lists.mysql.com/commits/104639
______________________________________________________________________

10.22.25 CVE: Not Available
Platform: Cross Platform
Title: SwiFTP "STOR" Command Remote Buffer Overflow
Description: SwiFTP is an FTP server that runs on the Android platform.
SwiFTP is exposed to a remote buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied input to the
"stor" command. SwiFTP version 1.11 is affected.
Ref: http://www.securityfocus.com/bid/40265
______________________________________________________________________

10.22.26 CVE: Not Available
Platform: Cross Platform
Title: SquirrelMail "mail_fetch" Remote Information Disclosure
Description: SquirrelMail is a webmail application implemented in PHP.
SquirrelMail is exposed to an information disclosure issue because it
fails to properly validate requests to the "mail_fetch" component.
SquirrelMail 1.4.x versions are affected.
Ref:
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69
______________________________________________________________________

10.22.27 CVE: CVE-2010-1168, CVE-2010-1974, CVE-2010-1447
Platform: Cross Platform
Title: Perl Safe Module "reval()" and "rdo()" Restriction Bypass Vulnerabilities
Description: Perl is a general purpose scripting language. Safe is a
module for Perl which allows the isolated compilation and execution of
additional Perl code within a Perl application. The Perl Safe module
is exposed to multiple restriction bypass issues. Specifically, Safe
may fail to wrap code returned by the "reval()" and "rdo()" functions.
Safe versions prior to 2.27 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2932
______________________________________________________________________

10.22.28 CVE: Not Available
Platform: Cross Platform
Title: 3Com Intelligent Management Center Multiple Vulnerabilities
Description: 3Com Intelligent Management Center is a network
management application. The application is exposed to multiple issues
because it fails to sufficiently sanitize user-supplied input.
3Com Intelligent Management Center versions 3.3 SP1 and 3.3.9 are
affected.
Ref:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-01
______________________________________________________________________

10.22.29 CVE: CVE-2010-1975
Platform: Cross Platform
Title: PostgreSQL "RESET ALL" Unauthorized Access
Description: PostgreSQL is an open source relational database.
PostgreSQL is exposed to an unauthorized access issue because it fails
to restrict the use of the "RESET ALL" operation when called through an
"ALTER USER" or "ALTER DATABASE" statement.
Ref: http://www.postgresql.org/docs/current/static/release-8-3-11.html
______________________________________________________________________

10.22.30 CVE: Not Available
Platform: Cross Platform
Title: FileCOPA FTP Server Directory Traversal
Description: FileCOPA FTP Server is a Windows-based FTP server. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize directory traversal strings from
user-supplied commands. FileCOPA FTP Server version 5.02 is affected.
Ref: http://www.securityfocus.com/bid/40312
______________________________________________________________________

10.22.31 CVE: Not Available
Platform: Cross Platform
Title: ClamAV "cli_pdf()" PDF File Processing Denial of Service
Description: ClamAV is a multi-platform toolkit used for scanning
email messages for viruses. ClamAV is exposed to a denial of service
issue because it fails to handle crafted PDF files. This error occurs
in the "cli_pdf()" function of the "libclamav/pdf.c" source code file.
Versions prior to ClamAV 0.96.1 are affected.
Ref: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
______________________________________________________________________

10.22.32 CVE: CVE-2010-0776, CVE-2010-0777
Platform: Cross Platform
Title: IBM WebSphere Application Server "response.sendRedirect" Remote
Denial of Service
Description: IBM WebSphere Application Server (WAS) is an application
server used for service oriented architecture. WAS is exposed to a
remote denial of service issue. Specifically, this issue is caused by
an error related to calling the "response.sendRedirect" function with
"Transfer-Encoding" set to "chunked". This issue can be triggered by a
crafted GET request. WebSphere Application Server versions 6.0, 6.1 and
7.0 are affected.
Ref: http://xforce.iss.net/xforce/xfdb/58556
______________________________________________________________________

10.22.33 CVE: CVE-2010-0774
Platform: Cross Platform
Title: IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS
Runtime Security Bypass
Description: IBM WebSphere Application Server (WAS) is available for
various operating systems. WAS is exposed to a security bypass issue
that occurs when using JAX-RPC WS-Security and JAX-WS runtime. The
application fails to handle specially crafted WebServices PKCS#7 and
PKIPath tokens. WebSphere Application Server versions prior to
6.0.2.41, 6.1.0.31 and 7.0.0.11 are affected.
Ref: http://xforce.iss.net/xforce/xfdb/58554
______________________________________________________________________

10.22.34 CVE: CVE-2010-0775
Platform: Cross Platform
Title: IBM WebSphere Application Server Nodeagent/Deployment Manager
Remote Denial of Service
Description: IBM WebSphere Application Server (WAS) is available for
various operating systems. WAS is exposed to a remote denial of
service issue related to the Nodeagent and Deployment Manager
components. IBM WebSphere Application Server versions prior to WAS
6.0.2.41, 6.1.0.31 and 7.0.0.11 are affected.
Ref: http://xforce.iss.net/xforce/xfdb/58555
______________________________________________________________________

10.22.35 CVE: Not Available
Platform: Cross Platform
Title: SolarWinds TFTP Server "Read" Request (Opcode 0x01) Denial of
Service
Description: SolarWinds TFTP Server is a Trivial File Transfer
Protocol server available for Microsoft Windows platforms. The
application is exposed to a denial of service issue because it fails
to handle maliciously crafted "Read" (opcode 0x01) requests.
SolarWinds TFTP Server version 10.4.0.10 is affected.
Ref: http://www.securityfocus.com/bid/40333
______________________________________________________________________

10.22.36 CVE: Not Available
Platform: Cross Platform
Title: DotNetNuke Remote Arbitrary File Upload
Description: DotNetNuke is an open source framework for creating and
deploying websites. The application is exposed to a remote arbitrary
file upload issue because it fails to sufficiently sanitize
user-supplied input. Specifically, a malicious PHP file whose name is
appended with a ";name.jpg" type extension can be uploaded through the
"fcklinkgallery.aspx" script.
Ref: http://www.securityfocus.com/bid/40341
______________________________________________________________________

10.22.37 CVE: Not Available
Platform: Cross Platform
Title: Kingsoft Webshield "KAVSafe.sys" Driver IOCTL Handling Local
Privilege Escalation
Description: The Webshield component of Kingsoft protects a user's
browser against malware. Kingsoft Webshield is exposed to a local
privilege escalation issue because the "KAVSafe.sys" driver fails to
properly validate IOCTL requests to the "DeviceIoControl" win32 call
using the "0x830020d4" IoControlCode value. The issue affects Kingsoft
Webshield version 3.5.1.2.
Ref: http://www.securityfocus.com/bid/40342/references
______________________________________________________________________

10.22.38 CVE: Not Available
Platform: Cross Platform
Title: Apache Axis2 "xsd" Parameter Directory Traversal
Description: Apache Axis2 is a Web Services/SOAP/WSDL engine. Apache
Axis2 is exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "xsd" parameter.
Apache Axis2 version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/40343
______________________________________________________________________

10.22.39 CVE: CVE-2010-1513
Platform: Cross Platform
Title: Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
Description: Ziproxy is a forwarding proxy server that also compresses
data. Ziproxy is exposed to multiple integer overflow issues because
it fails to properly validate user-supplied data when parsing PNG and
JPG images. Specifically, these issues arise in the "jpg2bitmap()"
and "png2bitmap()" functions of the "src/image.c" source file. Ziproxy
version 3.0 is affected.
Ref: http://secunia.com/secunia_research/2010-75/
______________________________________________________________________

10.22.40 CVE: Not Available
Platform: Cross Platform
Title: Simple:Press Plugin for WordPress Security Bypass and Arbitrary
File Upload Vulnerabilities
Description: Simple:Press is a forum plugin for the WordPress
publishing application. Simple:Press is exposed to multiple issues. 1) A
security bypass issue that affects the TinyBrowser component that
allows users to upload arbitrary files without proper permission. 2) A
security issue in the TinyBrowser component that allows attackers to
upload files with multiple extensions. 3) A security issue that allows
attackers to upload files with multiple extensions as avatars.
Simple:Press versions prior to 4.1.3 are affected.
Ref:
http://simple-press.com/support-forum/simplepress-forum-4-1/spf-v4-1-3-security-release-now-available/
______________________________________________________________________

10.22.41 CVE: Not Available
Platform: Cross Platform
Title: TinyBrowser Remote File Upload
Description: TinyBrowser is a file browser built for the TinyMCE
WYSIWYG content editor. TinyBrowser is exposed to an issue that lets
attackers upload arbitrary files because it fails to adequately limit
the types of files that can be uploaded. Attackers can execute their
uploaded script through the "type" parameter of the
"tinybrowser/upload.php" script.
Ref: http://www.securityfocus.com/bid/40358
______________________________________________________________________

10.22.42 CVE: CVE-2009-4134
Platform: Cross Platform
Title: Python "rgbimg" Module ZSIZE Value Buffer Underflow
Description: Python is an interpreted, dynamic object-oriented
programming language that is available for many operating systems.
Python's "rgbimg" module is exposed to a buffer underflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. This issue occurs because the application fails
to properly check if the "ZSIZE" value is less than or equal to "4".
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=541698#c9
______________________________________________________________________

10.22.43 CVE: CVE-2010-1449
Platform: Cross Platform
Title: Python "rgbimg" Module "rv" Array Buffer Overflow
Description: Python is an interpreted, dynamic object-oriented
programming language that is available for many operating systems.
Python's "rgbimg" module is exposed to a buffer overflow issue because
the application fails to perform adequate boundary checks on
user-supplied data. This issue occurs when handling a specially crafted image.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=541698#c9
______________________________________________________________________

10.22.44 CVE: CVE-2010-1450
Platform: Cross Platform
Title: Python "rgbimg" RLE Decoder Multiple Buffer Overflow Vulnerabilities
Description: Python is an interpreted, dynamic object-oriented
programming language that is available for many operating systems.
Python's "rgbimg" module is exposed to multiple buffer overflow issues
because the application fails to perform adequate boundary checks on
user-supplied data. Successful exploits may allow attackers to execute
arbitrary code in the context of applications using the vulnerable
Python module.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=541698#c9
______________________________________________________________________

10.22.45 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome prior to 5.0.375.55 Multiple Security
Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms.
Google Chrome is exposed to multiple issues. 1) An unspecified issue
caused by an error in canonicalizing URIs. 2) A URI spoofing issue
related to "unload" event handlers. 3) A memory corruption issue related
to the "Safe Browsing" feature. 4) A security bypass issue affecting the
whitelist mode plugin blocker. 5) A memory corruption error related to
drag and drop behavior. 6) An unspecified issue affecting JavaScript
execution within the "extension" context. Chrome versions prior to
5.0.375.55 are affected.
Ref:
http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html
______________________________________________________________________

10.22.46 CVE: Not Available
Platform: Cross Platform
Title: Ghostscript "./Encoding/" Search Path Local Privilege
Escalation
Description: Ghostscript is a set of tools and libraries for handling
Portable Document Format (PDF) and PostScript files. The application
is exposed to a local privilege escalation issue. Specifically,
"./Encoding/" is part of the application's execution path.
Ghostscript version 8.64 is affected.
Ref: http://bugs.ghostscript.com/show_bug.cgi?id=691316
______________________________________________________________________

10.22.47 CVE: CVE-2010-1959
Platform: Cross Platform
Title: HP TestDirector for Quality Center Unauthorized Access
Description: HP TestDirector for Quality Center is a quality
management solution for Software QA professionals. HP TestDirector for
Quality Center is exposed to an unauthorized access issue. The cause
of this issue is unknown. HP TestDirector for Quality Center version
9.2 Patch7 and earlier versions running on AIX, Linux and Solaris are
affected.
Ref: http://www.securityfocus.com/bid/40371/references
______________________________________________________________________

10.22.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FunkGallery "index.php" Cross-Site Scripting
Description: FunkGallery is an image gallery application implemented
in PHP. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "gll"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/40239/references
______________________________________________________________________

10.22.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Shopzilla Affiliate Script PHP "search.php" Cross-Site
Scripting
Description: Shopzilla Affiliate Script PHP is a web-based application
implemented in PHP. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the "s"
parameter of the "search.php" script.
Ref: http://www.securityfocus.com/bid/40246/references
______________________________________________________________________

10.22.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Caucho Resin Professional "resin-admin/digest.php" Multiple
Cross-Site Scripting Vulnerabilities
Description: Caucho Resin Professional is an open source application
server available for multiple operating platforms. The application is
exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input to the "digest_realm" and
"digest_username" parameters of the "resin-admin/digest.php" script.
Resin Professional version 3.1.5 is affected.
Ref: http://www.securityfocus.com/archive/1/511341
______________________________________________________________________

10.22.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine ADAudit Plus "reportList" Parameter Cross-Site
Scripting
Description: ManageEngine ADAudit Plus is an Active Directory auditing
and reporting application. ManageEngine ADAudit Plus is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "reportList" parameter of the
"jsp/audit/reports/ExportReport.jsp" script. ManageEngine ADAudit Plus
version 4.0.0 build 4043 is affected.
Ref: http://www.securityfocus.com/bid/40253
______________________________________________________________________

10.22.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP F1 Max's Site Protector "index.php" Cross-Site Scripting
Description: PHP F1 Max's Site Protector is a PHP-based
user authentication application. The application is exposed to a
cross-site scripting issue because it fails to sanitize user-supplied
input to the "index.php" script.
Ref: http://www.securityfocus.com/bid/40267
______________________________________________________________________

10.22.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SoftDirec "delete_confirm.php" Cross-Site Scripting
Description: SoftDirec is a PHP-based repository application.
SoftDirec is exposed to a cross-site scripting issue because it fails
to properly sanitize user-supplied input to the "id" parameter of the
"softdirec/library/delete_confirm.php" script. SoftDirec version 1.05
is affected.
Ref: http://www.securityfocus.com/bid/40269
______________________________________________________________________

10.22.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal download_count Module Cross-Site Scripting
Description: download_count is a module for the Drupal content manager.
The module is exposed to a cross-site scripting issue because it fails
to properly sanitize unspecified input before displaying it in a
user's browser. download_count versions 5.x-1.0 and 6.x-1.3 are
affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Private Message Module For Drupal Delete User Cross-Site
Request Forgery
Description: Private Message is a module for the Drupal content
manager. Private Message is exposed to a cross-site request forgery
issue affecting the "delete message" form. Versions prior to Private
Message 6.x are affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: User Queue Module For Drupal Delete User Cross-Site Request
Forgery
Description: User Queue is a module for the Drupal content manager.
User Queue is exposed to a cross-site request forgery issue affecting
the "delete user" functionality. Versions prior to User Queue 6.x-1.1
are affected.
Ref: http://drupal.org/node/803840
______________________________________________________________________

10.22.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal External Link Page Module Cross-Site Scripting
Description: External Link Page is a PHP-based module for the Drupal
content manager. The module is exposed to a cross-site scripting issue
because it fails to properly sanitize unspecified input in its
administrator page. Versions prior to External Link Page 6.x-1.2 and
5.x-1.0 are affected.
Ref: http://drupal.org/node/803766
______________________________________________________________________

10.22.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: StivaSoft Stiva SHOPPING CART "demo.php" Cross-Site Scripting
Description: Stiva SHOPPING CART is a shopping cart application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "cat" parameter of the
"demo.php" script. Stiva SHOPPING CART version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40310
______________________________________________________________________

10.22.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Triburom "forum.php" Cross-Site Scripting
Description: Triburom is a PHP-based web forum application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "cat" parameter of the
"forum.php" script.
Ref: http://www.securityfocus.com/bid/40316
______________________________________________________________________

10.22.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Apache Axis2 "engagingglobally" Cross-Site Scripting
Description: Apache Axis2 is a Web Services/SOAP/WSDL engine. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input. Specifically, the
"modules" parameter of the "axis2-admin/engagingglobally" script is
vulnerable. Apache Axis2 version 1.4.1 is affected.
Ref:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
______________________________________________________________________

10.22.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NPDS Revolution "admin.php" Cross-Site Request Forgery
Description: NPDS Revolution is a web application implemented in PHP.
The software is exposed to a cross-site request forgery issue because
it fails to properly verify the source of HTTP requests. Specifically,
this issue affects the "admin.php" script. NPDS Revolution version
10.02 is affected.
Ref: http://www.securityfocus.com/archive/1/511399
______________________________________________________________________

10.22.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cacti Multiple Cross-Site Scripting Vulnerabilities
Description: Cacti is a frontend to RRDTool. It is implemented in PHP
and uses an SQL backend database. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to the "hostname", "host_id", and
"description" parameters of unspecified scripts. Cacti versions prior
to 0.8.7f are affected.
Ref: http://www.securityfocus.com/archive/1/511393
______________________________________________________________________

10.22.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: gpEasy CMS "editing_files.php" Cross-Site Scripting
Description: gpEasy CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "gpcontent" parameter of
the "include/tool/editing_files.php" script. Versions prior to gpEasy
CMS 1.6.3 are affected.
Ref: http://www.securityfocus.com/archive/1/511388
______________________________________________________________________

10.22.64 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Calendar Multiple Cross-Site Scripting Vulnerabilities
Description: PHP-Calendar is a PHP-based web application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "description" and
"lastaction" parameters of unspecified scripts. PHP-Calendar version
2.0 Beta6 is affected.
Ref: http://www.vupen.com/english/advisories/2010/1202
______________________________________________________________________

10.22.65 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: U.S.Robotics USR5463 Firmware "/cgi-bin/setup_ddns.exe"
Cross-Site Request Forgery
Description: U.S.Robotics USR5463 firmware is a web-based router
management application. The software is exposed to a cross-site
request forgery issue because it fails to properly verify the source
of HTTP requests. Specifically, this issue affects the
"/cgi-bin/setup_ddns.exe" script. U.S.Robotics USR5463 firmware
versions 0.01 through 0.06 are affected.
Ref: http://www.securityfocus.com/bid/40348
______________________________________________________________________

10.22.66 CVE: CVE-2010-1459
Platform: Web Application - Cross Site Scripting
Title: Mono "EnableViewStateMac" Cross-Site Scripting
Description: Mono is a web server application. The application is
exposed to a cross-site scripting weakness because it does not allow a
user to enable the "EnableViewStateMac" property. The issue affects
versions prior to Mono 2.6.4.
Ref:
http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
______________________________________________________________________

10.22.67 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine ADManager Plus "computerName" Parameter Cross-Site
Scripting
Description: ManageEngine ADManager Plus is an Active Directory
reporting and management application. ADManager Plus is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "computerName" parameter of the
"jsp/admin/tools/remote_share.jsp" script. ManageEngine ADManager Plus
version 4.4.0 is affected.
Ref: http://www.securityfocus.com/bid/40355/references
______________________________________________________________________

10.22.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Debliteck DBCMS "article.php" SQL Injection
Description: Debliteck DBCMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "id" parameter of the
"article.php" script before using it in an SQL query. DBCMS version
2.01 is affected.
Ref: http://www.securityfocus.com/bid/40250
______________________________________________________________________

10.22.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MigasCMS "function.php" SQL Injection
Description: MigasCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "categ" parameter of the
"function.php" script before using it in an SQL query. MigasCMS
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40256/references
______________________________________________________________________

10.22.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Debliteck DBCMS "section.php" SQL Injection
Description: Debliteck DBCMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "id" parameter of the
"section.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/40259
______________________________________________________________________

10.22.71 CVE: CVE-2010-1923
Platform: Web Application - SQL Injection
Title: Web 2.0 Social Network Freunde Community System "user.php" SQL
Injection
Description: Web 2.0 Social Network Freunde Community System is a
PHP-based social networking application. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "cms/user.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/40264/references
______________________________________________________________________

10.22.72 CVE: NOT SET YET
Platform: Web Application - SQL Injection
Title: MoME CMS Login "username" Field SQL Injection
Description: MoME CMS is a content management application implemented
in PHP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data. This issue
affects the application's login functionality. Specifically, the
"username" field is not properly sanitized before it is used in an SQL
query. MoME CMS version 0.8.5 is affected.
Ref: http://www.securityfocus.com/bid/40266
______________________________________________________________________

10.22.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Renista CMS "Default.aspx" SQL Injection
Description: Renista CMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "id" parameter of the
"rtl/Default.aspx" script.
Ref: http://www.securityfocus.com/bid/40299
______________________________________________________________________

10.22.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Specialized Data Systems Parent Connect Multiple SQL Injection
Vulnerabilities
Description: Specialized Data Systems Parent Connect is an ASP-based
student reporting application. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied input. These issues affect the "password" field of the
application's login page, and the "Link Accounts" form. Parent Connect
version 2010.4.11 is affected.
Ref: http://www.securityfocus.com/bid/40324
______________________________________________________________________

10.22.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ConPresso CMS "firma.php" SQL Injection
Description: ConPresso CMS is a PHP-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied input to the "id" parameter of
the "firma.php" script. ConPresso version 4.0.7 is affected.
Ref: http://www.securityfocus.com/bid/40335
______________________________________________________________________

10.22.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PSI CMS "index.php" Multiple SQL Injection Vulnerabilities
Description: PSI CMS is a PHP-based content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "page",
"subj", and "subpage" parameters of the "index.php" script. PSI CMS
version 0.3.1 is affected.
Ref: http://www.securityfocus.com/bid/40337
______________________________________________________________________

10.22.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ECShop "search.php" SQL Injection
Description: ECShop is a PHP-based web application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "encode" parameter of the
"search.php" script.
Ref: http://www.securityfocus.com/bid/40338
______________________________________________________________________

10.22.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NITRO Web Gallery "PictureId" Parameter SQL Injection
Description: NITRO Web Gallery is a PHP-based image gallery. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "PictureId" parameter
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/40350/references
______________________________________________________________________

10.22.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebAsyst Shop-Script "index.php" SQL Injection
Description: WebAsyst Shop-Script is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "blog_id" parameter
of the "index.php" script.
Ref: http://www.securityfocus.com/bid/40349
______________________________________________________________________

10.22.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: cyberhost "default.asp" SQL Injection
Description: cyberhost is an ASP-based domain and sales hosting
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "default.asp" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/40357/references
______________________________________________________________________

10.22.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BLOX CMS "c" Parameter SQL Injection
Description: BLOX CMS is a content management system. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "c" parameter of the
"app/classifieds/rentals" script.
Ref: http://www.securityfocus.com/bid/40359/references
______________________________________________________________________

10.22.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebAsyst "blog_id" parameter SQL Injection
Description: WebAsyst is a PHP-based web application suite. WebAsyst
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "blog_id" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/40362/references
______________________________________________________________________

10.22.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CU Village CMS Site "index.php" SQL Injection
Description: CU Village CMS Site is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "print_view" parameter
of the "index.php" script before using it in an SQL query. CMS Site
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40360/references
______________________________________________________________________

10.22.84 CVE: Not Available
Platform: Web Application
Title: DataTrack System "Home.aspx" HTML Injection
Description: DataTrack System is an ASP-based service and support
management system. DataTrack System is exposed to an HTML injection
issue because it fails to sufficiently sanitize user-supplied input.
Specifically, this issue affects the "Work_Order_Summary" parameter of
the "Home.aspx" script when the "CurrentPage" parameter is set to "0".
DataTrack System version 3.5.8019.4 is affected.
Ref:
http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html
______________________________________________________________________

10.22.85 CVE: Not Available
Platform: Web Application
Title: Battle Scrypt "upload.php" Remote Arbitrary File Upload
Description: Battle Scrypt is a PHP-based voting script. The
application is exposed to a remote arbitrary file upload issue because
it fails to sufficiently sanitize user-supplied input. Specifically, a
malicious PHP file named with a ".jpg" extension can be uploaded
through the "upload.php" script and run through the "images/uploads/"
directory.
Ref: http://www.securityfocus.com/bid/40254/references
______________________________________________________________________

10.22.86 CVE: Not Available
Platform: Web Application
Title: Wordpress Import Drupal Module Unauthorized Access
Description: Wordpress Import is a module for the Drupal content
manager. Wordpress Import is exposed to an unauthorized access issue
that allows unauthorized users to upload arbitrary files and import
data from a remote WXR file. This issue arises because the application
fails to implement sufficient access controls on the WXR file import
form. Versions of Wordpress Import prior to 6.x-2.1 are affected.
Ref: http://drupal.org/node/803484
______________________________________________________________________

10.22.87 CVE: Not Available
Platform: Web Application
Title: Drupal CAPTCHA Module Description HTML Injection
Description: CAPTCHA is a Drupal module that allows users to add a
CAPTCHA (Completely Automated Public Turing test to tell Computers and
Humans Apart) challenge to forms. The module is exposed to an HTML
injection issue because it fails to properly sanitize the CAPTCHA
description before displaying it in a user's browser. CAPTCHA versions
prior to 5.x-3.3 and 6.x-2.2 are affected.
Ref: http://drupal.org/node/803566
______________________________________________________________________

10.22.88 CVE: Not Available
Platform: Web Application
Title: Drupal Heartbeat Module Multiple HTML Injection Vulnerabilities
Description: Heartbeat is a module for the Drupal content manager. The
application is exposed to multiple HTML injection issues because it
fails to sufficiently sanitize user-supplied data. Specifically, issues
occur when processing "shouts", "comments", and "heartbeat_messages".
Versions prior to Heartbeat version 6.x-4.9 are affected.
Ref: http://drupal.org/node/803570
______________________________________________________________________

10.22.89 CVE: Not Available
Platform: Web Application
Title: Drupal Menu Block Split Module HTML Injection
Description: Menu Block Split is a module for the Drupal content
management system. The module is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input to the
subject of a block. Menu Block Split versions 6.x-2.1 and 5.x-2.1 are
affected.
Ref: http://www.securityfocus.com/bid/40271
______________________________________________________________________

10.22.90 CVE: Not Available
Platform: Web Application
Title: Drupal Weather Underground Module Block Subject HTML Injection
Description: Weather Underground is a Drupal module that retrieves and
displays weather information. The module is exposed to an HTML
injection issue because it fails to properly sanitize the block
subject before displaying it in a user's browser. Weather Underground
version 6.x-2.0 is affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.91 CVE: Not Available
Platform: Web Application
Title: Drupal osCommerce Module HTML Injection
Description: osCommerce is a module for the Drupal content manager. The
module is exposed to an HTML injection issue because it fails to
properly sanitize the "Title for manufacturers block" configuration
field before displaying it in a user's browser. osCommerce version
6.x-1.0 is affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.92 CVE: Not Available
Platform: Web Application
Title: Drupal Comment Page Module Multiple HTML Injection Vulnerabilities
Description: Comment Page is a module for the Drupal content manager. The
module is exposed to multiple HTML injection issues because it fails
to properly sanitize some content before displaying it in a user's
browser. Comment Page versions 5.x-1.1 and 6.x-1.1 are affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.93 CVE: Not Available
Platform: Web Application
Title: Drupal Comment Page Module Security Bypass
Description: Comment Page is a module for the Drupal content manager.
The module is exposed to a security bypass issue because it incorrectly
uses the drupal_access_denied function and uses a nonexistent "admin
comments" permission as the access argument to its administration page.
Comment Page versions 5.x-1.1 and 6.x-1.1 are affected.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.94 CVE: Not Available
Platform: Web Application
Title: Snipe Gallery "cfg_admin_path" Parameter Multiple Remote File
Include Vulnerabilities
Description: Snipe Gallery is a web-based application implemented in
PHP. The application is exposed to multiple remote file include issues
because it fails to properly sanitize user-supplied input to the
"cfg_admin_path" parameter of the "image.php" and "gallery.php"
scripts. The issues affect Snipe Gallery versions 3.1.4 and prior.
Ref: http://www.securityfocus.com/bid/40279/references
______________________________________________________________________

10.22.95 CVE: Not Available
Platform: Web Application
Title: Drupal Rotor Banner Module Multiple HTML Injection Vulnerabilities
Description: Rotor Banner is an image upload module for the Drupal
content manager. The module is exposed to multiple HTML injection
issues because it fails to properly sanitize user-supplied input to the
"srs", "title" and "alt" image attributes. Rotor Banner versions prior
to 5.x-1.8 and 6.x-2.5 are affected.
Ref: http://drupal.org/node/803930
______________________________________________________________________

10.22.96 CVE: Not Available
Platform: Web Application
Title: Panels Module For Drupal Arbitrary PHP Code Execution
Description: Panels is a module for the Drupal content manager for
creating customized layouts. The Mini panels module is included with
the Panels module. Mini panels is exposed to an issue that lets
attackers execute arbitrary PHP code because it fails to sufficiently
restrict user access. Attackers with "create mini panels" permissions
can execute arbitrary PHP code on the server through the import
functionality. Versions of Panels prior to 6.x-3.4 are affected.
Ref: http://drupal.org/node/803952
______________________________________________________________________

10.22.97 CVE: Not Available
Platform: Web Application
Title: Drupal Storm Project HTML Injection
Description: Storm is a billing and project management module for the
Drupal content manager. Storm is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied data. Successful
exploits will allow attacker-supplied HTML and script code to run in
the context of the affected browser, potentially allowing the attacker
to steal cookie-based authentication credentials. Storm versions
prior to 6.x-1.33 are affected.
Ref: http://drupal.org/node/803770
______________________________________________________________________

10.22.98 CVE: Not Available
Platform: Web Application
Title: Drupal Simplenews Module Subscribe To Newsletters Security
Bypass
Description: Simplenews is a module for the Drupal content manager.
The module is exposed to a security bypass issue because it fails to
properly restrict access to sensitive functions. Specifically,
attackers with "subscribe to newsletter" permissions may edit
subscriptions associated with arbitrary users. Versions prior to
Simplenews 6.x-1.2 are affected.
Ref: http://drupal.org/node/803772
______________________________________________________________________

10.22.99 CVE: Not Available
Platform: Web Application
Title: U.S.Robotics USR5463 Firmware "setup_ddns.exe" HTML Injection
Description: U.S.Robotics USR5463 firmware is a web-based router
management application. The application is exposed to an HTML injection
issue because it fails to sufficiently sanitize user-supplied input to
the router's DDNS (Dynamic Domain Name Server) setup page
"cgi-bin/setup_ddns.exe". U.S.Robotics firmware USR5463 version 0.06
is affected.
Ref: http://www.securityfocus.com/archive/1/511370
______________________________________________________________________

10.22.100 CVE: Not Available
Platform: Web Application
Title: Drupal False Account Detector Module Multiple Cross-Site
Scripting and SQL Injection Vulnerabilities
Description: The False Account Detector module for Drupal gives sites
the ability to localize content. The module is exposed to multiple
unspecified cross-site scripting and SQL injection issues because the
application fails to properly sanitize user-supplied input related to
received cookies.
Ref: http://drupal.org/node/803728
______________________________________________________________________

10.22.101 CVE: Not Available
Platform: Web Application
Title: Horde IMP Remote Information Disclosure
Description: Horde IMP (Internet Messaging Program) is a PHP-based
application that supports IMAP and POP3 webmail access. The
application is exposed to an information disclosure issue because it
fails to properly validate requests.
Ref:
http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74
______________________________________________________________________

10.22.102 CVE: Not Available
Platform: Web Application
Title: Spaw Editor "spawfm" Module Arbitrary File Upload
Description: Spaw Editor is a web-based HTML editor available for
multiple platforms. The application is exposed to an issue that lets
attackers upload arbitrary files because it fails to adequately
sanitize user-supplied files before uploading them onto the web server.
Specifically, users may upload files which contain unsafe extensions.
The following versions of Spaw Editor are affected: Spaw Editor 1.0,
Spaw Editor PHP Edition 2.0 and Spaw Editor .NET Edition 2.0.
Ref: http://www.securityfocus.com/bid/40295/references
______________________________________________________________________

10.22.103 CVE: Not Available
Platform: Web Application
Title: DotNetNuke User Messaging Module HTML Injection
Description: DotNetNuke is an open source framework for creating and
deploying websites. The application is exposed to an HTML injection
issue because it fails to properly sanitize user-supplied input before
displaying it in a browser. Specifically, this issue affects messages
generated in the user messaging module. DotNetNuke 5.3.0 through 5.4.1
are affected.
Ref:
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno36/tabid/1552/Default.aspx
______________________________________________________________________

10.22.104 CVE: Not Available
Platform: Web Application
Title: Lisk CMS "id" Parameter Multiple Cross-Site Scripting and SQL
Injection Vulnerabilities
Description: Lisk CMS is a PHP-based content management application.
The application is exposed to multiple issues because it fails to
sanitize user-supplied input. Exploiting these issues could allow an
attacker to steal cookie-based authentication credentials or control how
the site is rendered to the user. Lisk CMS version 4.4 is affected.
Ref:
http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms_1.html
______________________________________________________________________

10.22.105 CVE: CVE-2010-1630
Platform: Web Application
Title: phpBB "posting.php" Unspecified Security
Description: phpBB is a PHP-based online bulletin board. The
application is exposed to an unspecified security issue that affects
the "posting.php" script. The issue is related to the use of a "forum
id" when posting global announcements. Versions prior to phpBB 3.0.5
are affected.
Ref: http://www.securityfocus.com/bid/40323
______________________________________________________________________

10.22.106 CVE: Not Available
Platform: Web Application
Title: Alibaba Clone Script SQL Injection and Cross-Site Scripting
Description: Alibaba Clone Script is a PHP-based online trading script.
The application is exposed to the following issues because it fails to
sufficiently sanitize user-supplied input. A cross-site scripting issue
affects the "errmsg" parameter of the "gen_confirm.php" script. An SQL
injection issue affects the "cid" parameter of the "cat_sell.php"
script.
Ref: http://www.securityfocus.com/bid/40336/references
______________________________________________________________________

10.22.107 CVE: Not Available
Platform: Web Application
Title: JV2 Folder Gallery "gallery.php" Remote File Include
Description: JV2 Folder Gallery is an image gallery implemented in
PHP. The application is exposed to a remote file include issue because
it fails to sufficiently sanitize user-supplied input to the
"lang_file" parameter of the "gallery/gallery.php" script. This issue
affects version 3.1.
Ref: http://www.securityfocus.com/bid/40339/references
______________________________________________________________________

10.22.108 CVE: Not Available
Platform: Web Application
Title: Webby HTTP GET Request Buffer Overflow
Description: Webby is an HTTP server implemented in Ruby. Webby is
exposed to a remote buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue occurs
when handling a specially crafted HTTP "GET" request. Webby version
1.01 is affected.
Ref: http://www.securityfocus.com/archive/1/511428
______________________________________________________________________

10.22.109 CVE: Not Available
Platform: Web Application
Title: BigACE Cross-Site Request Forgery and HTML Injection
Vulnerabilities
Description: BigACE is a PHP-based content manager. The application is
exposed to multiple remote issues. Cross-site request forgery issues
affect the "$_SERVER["HTTP_REFERER"]" and
"$_SERVER["SERVER_NAME"]" parameters. BigACE versions prior to 2.7.2
are affected.
Ref: http://www.securityfocus.com/archive/1/511417
______________________________________________________________________

10.22.110 CVE: Not Available
Platform: Web Application
Title: OpenForum "saveAsAttachment()" Method Arbitrary File Creation
Description: OpenForum is an integrated web server and wiki
application. The application is exposed to an issue that can allow
remote attackers to create arbitrary files through the
"saveAsAttachment()" method.
User-supplied input passed through POST requests can specify that a
malicious Sugar ".sjs" file be created outside of the webroot.
OpenForum version 2.2 b005 is affected.
Ref: http://www.securityfocus.com/bid/40364/references
______________________________________________________________________

10.22.111 CVE: Not Available
Platform: Network Device
Title: D-Link DI-724P+ Router "wlap.htm" HTML Injection
Description: D-Link DI-724P+ is a router. The router is exposed to an
HTML injection issue. The device's web-based administration tool fails
to sanitize user-supplied input to the "wlap.htm" script before storing
it in the "wireless" properties section.
Ref: http://seclists.org/fulldisclosure/2010/May/262
______________________________________________________________________

10.22.112 CVE: CVE-2010-2025, CVE-2010-2026
Platform: Network Device
Title: Cisco DPC2100 Multiple Security Bypass and Cross-Site Request
Forgery Vulnerabilities
Description: The Cisco DPC2100 (formerly Scientific Atlanta DPC2100)
is a cable modem and router device for home use. The device is exposed
to multiple issues. 1) Multiple security bypass issues exist because the
device fails to adequately restrict access to sensitive administrative
functions. 2) Multiple cross-site request forgery issues affect
unspecified scripts and parameters. Firmware versions prior to version
2.0.2.r1256-100324as are affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html
______________________________________________________________________

(c) 2010. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
