RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 23
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Fri Jun 04 2010 - 08:00:07 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
RISK: The Consensus Security Vulnerability Alert
June 3rd, 2010 Vol. 9. Week 23
******************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
- --------------------------------------  -------------------------------------
Third Party Windows Apps                   9
Linux                                      2
BSD                                        1
Aix                                        1
Unix                                       1
Novell                                     2 (#1,#2)
Cross Platform                            21 (#3)
Web Application - Cross Site Scripting    14
Web Application - SQL Injection           11
Web Application                           15
Network Device                             3
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability
(2) MEDIUM: Novell eDirectory Buffer Overflow
(3) MEDIUM: Adobe Photoshop Multiple File Types Buffer Overflow Vulnerabilities
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
10.23.1 - Muziic Player ".mp3" File Remote Buffer Overflow
10.23.2 - Home FTP Server Cross-Site Request Forgery
10.23.3 - Brekeke PBX "pbx/gate" Cross-Site Request Forgery
10.23.4 - emesene "/tmp/emsnpic" Insecure Temporary File Creation
10.23.5 - Zip Explorer ".zar" File Buffer Overflow
10.23.6 - Xftp "LIST" Response Remote Buffer Overflow
10.23.7 - JustSystems Ichitaro Character Attributes Processing Remote Code Execution
10.23.8 - Audiotran ".pls" File Remote Buffer Overflow
10.23.9 - Microsoft Internet Explorer CSS "expression" Remote Denial of Service
-- Linux
10.23.10 - Linux Kernel "knfsd" "current->mm" Modifier Local Denial of Service
10.23.11 - Red Hat Client Tools "loginAuth.pkl" Local Security Bypass
-- BSD
10.23.12 - FreeBSD jail(8) Local Security Bypass
-- Aix
10.23.13 - IBM Communications Server for AIX Remote Denial of Service
-- Unix
10.23.14 - Exim MBX Locking Insecure Temporary File Creation
-- Novell
10.23.15 - Novell Access Manager Identity Server X.509 Authentication Security Bypass
10.23.16 - Novell ZENworks Configuration Management Preboot Service Stack Buffer Overflow
-- Cross Platform
10.23.17 - Python "audioop" Module Integer Overflow
10.23.18 - TheGreenBow VPN Client Stack Buffer Overflow
10.23.19 - Adobe Photoshop Multiple File Types Remote Code Execution
10.23.20 - EMC Avamar "gsan" Service Denial of Service
10.23.21 - Mozilla Firefox Error Handling Information Disclosure
10.23.22 - FreeBSD OPIE "__opiereadrec()" Off By One Heap Memory Corruption
10.23.23 - Nemesis Player ".nsp" File Remote Denial of Service
10.23.24 - Home FTP Server Directory Traversal
10.23.25 - nginx Directory Traversal
10.23.26 - Ghostscript Insecure Temporary File Creation
10.23.27 - VLC Media Player Multiple Media File Formats Buffer Overflow
10.23.28 - nginx Space String Remote Source Code Disclosure
10.23.29 - IBM Lotus Connections Multiple
10.23.30 - IBM DB2 prior to 9.7 Fix Pack 2 Multiple Security Vulnerabilities
10.23.31 - Exim Sticky Mail Directory Local Privilege Escalation
10.23.32 - DM Database Server "SP_DEL_BAK_EXPIRED" Memory Corruption
10.23.33 - Websense "Via" HTTP Header Web Filtering Security Bypass
10.23.34 - Ghostscript "gs_init.ps" With "-P-" Flag Search Path Local Privilege Escalation
10.23.35 - SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities
10.23.36 - Winamp AVI File RIFF Data Remote Denial of Service
10.23.37 - Accoria Rock Web Server Multiple Security
-- Web Application - Cross Site Scripting
10.23.38 - GetSimple CMS "components.php" Cross-Site Scripting
10.23.39 - RuubikCMS "index.php" Cross-Site Scripting
10.23.40 - md5 Encryption Decryption PHP Script "index.php" Cross-Site Scripting
10.23.41 - PHPCalendar Calendar Script Multiple Cross-Site Scripting Vulnerabilities
10.23.42 - BackLinkSpider Multiple Cross-Site Scripting Vulnerabilities
10.23.43 - ZoneCheck "zc.cgi" Cross-Site Scripting
10.23.44 - MediaWiki CSS Input Cross-Site Scripting
10.23.45 - Toronja CMS "index.php" Cross-Site Scripting
10.23.46 - CMScout Cross-Site Scripting
10.23.47 - wsCMS "news.php" Cross-Site Scripting
10.23.48 - Zeeways eBay Clone Auction Script "signinform.php" Cross-Site Scripting
10.23.49 - Smart Statistics "smart_statistics_admin.php" Cross-Site Scripting
10.23.50 - dotDefender Log Viewer Cross-Site Scripting
10.23.51 - Datetopia Match Agency BiZ Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
10.23.52 - 360 Web Manager "webpages-form-led-edit.php" SQL Injection
10.23.53 - Multi Shop CMS "pages.php" SQL Injection
10.23.54 - BackLinkSpider "cat_id" Parameter SQL Injection
10.23.55 - MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
10.23.56 - Toronja CMS Multiple SQL Injection Vulnerabilities
10.23.57 - osCommerce Visitor Web Stats Add-On "Accept-Language" Header SQL Injection
10.23.58 - ImpressPages CMS "admin.php" Multiple SQL Injection Vulnerabilities
10.23.59 - Fusebox "CatDisplay" Parameter SQL Injection
10.23.60 - wsCMS Multiple SQL Injection Vulnerabilities
10.23.61 - YourArcadeScript "username" Parameter SQL Injection
10.23.62 - TermiSBloG Multiple SQL Injection Vulnerabilities
-- Web Application
10.23.63 - razorCMS "admin/index.php" HTML Injection
10.23.64 - Nuked-Klan Search Request Denial of Service
10.23.65 - CiviCRM Multiple HTML Injection Vulnerabilities
10.23.66 - Layout CMS SQL Injection and Cross-Site Scripting Vulnerabilities
10.23.67 - GR Board "page.php" Remote File Include
10.23.68 - Symphony "mode" Parameter Local File Include
10.23.69 - Plugin Gallery For Nucleus Remote File Include and SQL Injection Vulnerabilities
10.23.70 - NP_Twitter Nucleus Plugin "DIR_NUCLEUS" Remote File Include
10.23.71 - Clearsite "header.php" Remote File Include
10.23.72 - PHP Mysqlnd Extension Information Disclosure and Multiple Buffer Overflow Vulnerabilities
10.23.73 - x10media Image Hosting Script "create_image_gallery.php" Arbitrary File Upload
10.23.74 - Visitor Logger "banned.php" Remote File Include
10.23.75 - E107 Persian "usersettings.php" HTML Injection
10.23.76 - CMS Made Simple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
10.23.77 - EvoCam HTTP GET Request Buffer Overflow
-- Network Device
10.23.78 - Apple iPhone PIN Authentication Security Bypass
10.23.79 - Cisco Network Building Mediator System Configuration File multiple vulnerabilities
10.23.80 - NETGEAR WG602v4 Administrator Password Remote Stack Buffer Overflow
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) HIGH: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability
Affected:
Novell ZENworks prior to 10.3
Description: Novell ZENworks, a configuration management product that
automates software updates, installs, and migration, is susceptible to
a remote buffer overflow vulnerability. By sending a malicious request,
an attacker can exploit this vulnerability in order to execute arbitrary
code with SYSTEM-level permissions.
Status: vendor confirmed, updates available
References:
Vendor Home Page
http://www.novell.com
Vendor Patch
http://www.novell.com/support/viewContent.do?externalId=7005572&sliceId=1
Zero Day Initiative Advisory ZDI-10-090
http://zerodayinitiative.com/advisories/ZDI-10-090
SecurityFocus BID
http://www.securityfocus.com/archive/1/511600
*************************************************************
(2) MEDIUM: Novell eDirectory Buffer Overflow
Affected:
Novell eDirectory 8.8 SP5 FTF1
Novell eDirectory 8.8 SP5
Novell eDirectory 8.8 SP4 FTF1
Novell eDirectory 8.8 SP4
Novell eDirectory 8.8 SP3 FTF3
Novell eDirectory 8.8 SP3
Novell eDirectory 8.8 SP2
Novell eDirectory 8.8 SP1
Novell eDirectory 8.8
Description: Novell eDirectory, an X.500-compatible directory service,
contains multiple remote vulnerabilities. Novell eDirectory uses a
hierarchical object-oriented database to represent employees and company
assets. One of the vulnerabilities in Novell eDirectory, a problem with
the Dhost process, can be used to trigger a buffer overflow
vulnerability. By sending a malicious request to the server, a remote
attacker could potentially execute arbitrary code with the permissions
of the affected process.
Status: vendor confirmed, updates available
References:
Vendor Home Page
http://www.novell.com
History of Issues Resolved in eDirectory 8.8.x
http://www.novell.com/support/viewContent.do?externalId=3426981
Novell Patches
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076151.html
SecurityFocus BID
http://www.securityfocus.com/bid/40541
*************************************************************
(3) MEDIUM: Adobe Photoshop Multiple File Types Buffer Overflow Vulnerabilities
Affected:
Adobe Photoshop CS3 10.0
Adobe Photoshop CS4 11.0.1
Adobe Photoshop CS4 11.0.0
Adobe Photoshop CS4
Adobe Photoshop CS3
Adobe Photoshop CS2
Adobe Photoshop CS
Description: Adobe Photoshop, a popular graphic editing program, is
susceptible to multiple buffer overflow vulnerabilities. By enticing the
user to open a malicious .ASL, .ABR, or .GRD file, an attacker can
exploit these vulnerabilities and execute arbitrary code with the
permissions of the currently logged-in user.
Status: vendor confirmed, updates available
References:
Vendor Home Page
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb10-13.html
SecurityFocus BID
http://www.securityfocus.com/bid/40389
*************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 9555 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
10.23.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Muziic Player ".mp3" File Remote Buffer Overflow
Description: Muziic Player is a multimedia player for Microsoft
Windows. The application is exposed to a remote buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
Specifically, this issue occurs when parsing a specially crafted
".mp3" file that contains excessive data. Muziic Player version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/40379/references
______________________________________________________________________
10.23.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Home FTP Server Cross-Site Request Forgery
Description: Home FTP Server is an FTP server for the Windows
operating system. Home FTP Server is exposed to a cross-site request
forgery issue. This issue occurs because the application allows an
attacker to perform certain actions using an HTTP request without
validating the request. Home FTP Server version 1.10.3 (build 144) is
affected.
Ref:
http://cross-site-scripting.blogspot.com/2010/05/home-ftp-server-1102143-cross-site.html
______________________________________________________________________
10.23.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Brekeke PBX "pbx/gate" Cross-Site Request Forgery
Description: Brekeke PBX is a PBX application for the Windows
operating system. Brekeke PBX is exposed to a cross-site request
forgery issue affecting the "pbx/gate" script. This issue occurs
because the application allows attackers to perform certain actions
using an HTTP request without validating the request. Brekeke PBX
version 2.4.4.8 is affected.
Ref:
http://cross-site-scripting.blogspot.com/2010/05/brekeke-pbx-2448-cross-site-request.html
______________________________________________________________________
10.23.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: emesene "/tmp/emsnpic" Insecure Temporary File Creation
Description: emesene is an instant messenger for the Windows Live
Messenger network. emesene creates temporary files in the
"/tmp/emsnpic/" directory in an insecure manner. Specifically, it uses
a predictable temporary filename to store pictures. emesene version
1.6.1 is affected.
Ref: http://www.securityfocus.com/bid/40455/references
______________________________________________________________________
10.23.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Zip Explorer ".zar" File Buffer Overflow
Description: Zip Explorer is a file compression/extraction application
for the Windows operating system. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. This issue occurs when parsing a
specially crafted ".zar" file that contains excessive data. Zip
Explorer version 7.0 is affected.
Ref: http://www.securityfocus.com/bid/40462
______________________________________________________________________
10.23.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Xftp "LIST" Response Remote Buffer Overflow
Description: Xftp is an SFTP and FTP file transfer program for Windows
platforms. The application is exposed to a stack-based buffer overflow
issue because it fails to properly validate the filenames sent as
response to the "LIST" command in FTP connections before copying it
into an insufficiently sized buffer. Xftp version 3.0 Build 239 is
affected.
Ref: http://www.securityfocus.com/bid/40470/references
______________________________________________________________________
10.23.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystems Ichitaro Character Attributes Processing Remote
Code Execution
Description: Ichitaro is a word processor available for Microsoft
Windows. The application is exposed to a remote code execution issue.
The issue is due to an unspecified error when
processing character attributes from a specially crafted document.
Ichitaro version 2009 is affected.
Ref: http://jvn.jp/en/jp/JVN17293765/index.html
______________________________________________________________________
10.23.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Audiotran ".pls" File Remote Buffer Overflow
Description: Audiotran is a media player for the Windows operating
system. Audiotran is exposed to a remote buffer overflow issue because
it fails to perform adequate checks on user-supplied input.
Specifically, this issue occurs when opening a specially crafted
".pls" file. Audiotran version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/40478
______________________________________________________________________
10.23.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Internet Explorer CSS "expression" Remote Denial of
Service
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. Internet Explorer is exposed to a remote denial
of service issue. This issue occurs when handling web pages that
contain a specially crafted CSS "expression". Internet Explorer
versions 6, 7, and 8 are affected.
Ref: http://www.securityfocus.com/archive/1/511585
______________________________________________________________________
10.23.10 CVE: Not Available
Platform: Linux
Title: Linux Kernel "knfsd" "current->mm" Modifier Local Denial of
Service
Description: The Linux kernel is exposed to a local denial of service
issue due to a NULL pointer dereference condition that occurs in the
"knfsd" component. This issue occurs when using the component to
export "shmemfs" objects and run strict over commits. Specifically,
the component fails to check if the "current->mm" parameter is set
to NULL before accessing it.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=595970
______________________________________________________________________
10.23.11 CVE: CVE-2010-1439
Platform: Linux
Title: Red Hat Client Tools "loginAuth.pkl" Local Security Bypass
Description: Red Hat Client Tools (rhn-client-tools) provide
programs and libraries that allow the system to receive software
updates from the Red Hat Network. Red Hat rhn-client-tools is exposed
to a local security bypass issue. This issue occurs because the
application sets insecure permissions on the "loginAuth.pkl" file,
which is used to store session credentials for authenticating
connections to the Red Hat Network servers.
Ref: http://www.securityfocus.com/bid/40492/references
______________________________________________________________________
10.23.12 CVE: CVE-2010-2022
Platform: BSD
Title: FreeBSD jail(8) Local Security Bypass
Description: Jail environments allow administrators to limit the
ability of processes to interact with resources located outside of the
configured environment. Jail is exposed to a local security bypass
issue because the utility does not change the current working
directory while imprisoning a process and allows descendants to access
the directory. FreeBSD version 8.0 is affected.
Ref: http://www.securityfocus.com/bid/40399
______________________________________________________________________
10.23.13 CVE: Not Available
Platform: Aix
Title: IBM Communications Server for AIX Remote Denial of Service
Description: IBM Communications Server provides an enterprise
networking solution for AIX. IBM Communications Server for AIX is
exposed to a remote denial of service issue that occurs when handling
APPC (Advanced Program-to-Program Communications) packets with a GDSID
variable of a small length value. IBM Communications Server for AIX
versions 6.3.1 and earlier are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810
______________________________________________________________________
10.23.14 CVE: CVE-2010-2024
Platform: Unix
Title: Exim MBX Locking Insecure Temporary File Creation
Description: Exim is a mail transfer agent application available
for Linux and Unix operating systems. The application
creates temporary files in an insecure manner. Specifically, a race
condition exists when temporary files are created. This issue affects
the "MBX locking" feature of Exim. Exim versions prior to 4.72 RC2 are
affected.
Ref: http://bugs.exim.org/show_bug.cgi?id=989
______________________________________________________________________
10.23.15 CVE: CVE-2009-4879
Platform: Novell
Title: Novell Access Manager Identity Server X.509 Authentication
Security Bypass
Description: Novell Access Manager is an application that provides
single sign on for all corporate web applications. The application is
exposed to a security bypass issue because it fails to properly
restrict access for disabled accounts. Novell Access Manager versions
prior to 3.1 SP1 are affected.
Ref:
http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html#bktec02
______________________________________________________________________
10.23.16 CVE: Not Available
Platform: Novell
Title: Novell ZENworks Configuration Management Preboot Service Stack
Buffer Overflow
Description: Novell ZENworks Configuration Management is an
IT management application. ZENworks Configuration Management is
exposed to a stack-based buffer overflow issue that affects the
Preboot Service (novell-pbserv.exe), which is listening on TCP port
998 by default. ZENworks Configuration Management versions prior to
10.3 are affected.
Ref: http://www.securityfocus.com/archive/1/511600
______________________________________________________________________
10.23.17 CVE: CVE-2010-1634
Platform: Cross Platform
Title: Python "audioop" Module Integer Overflow
Description: Python is an interpreted, dynamic object oriented
programming language that is available for many operating systems. The
"audioop" module for Python is exposed to multiple integer overflow
issues that affect the "ulaw2lin()", "alaw2lin()", "adpcm2lin()" and
"lin2lin()" functions. Specifically, the application fails to perform
adequate boundary checks on an integer value before using it to
reference a buffer.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=590690
______________________________________________________________________
10.23.18 CVE: CVE-2010-0392
Platform: Cross Platform
Title: TheGreenBow VPN Client Stack Buffer Overflow
Description: TheGreenBow VPN Client is an IPsec VPN client that sets
up a secure channel for data transport. The application is exposed to
a stack-based buffer overflow issue because it fails to perform
adequate boundary checks on user supplied data. This issue occurs when
the application processes certain sections of "tgb" files, and can be
exploited by passing an overly long string to the "OpenScriptAfterUp"
section. TheGreenBow VPN Client versions 4.65.003 and 4.51.001 are
affected.
Ref: http://www.senseofsecurity.com.au/advisories/SOS-10-001.pdf
______________________________________________________________________
10.23.19 CVE: CVE-2010-1296
Platform: Cross Platform
Title: Adobe Photoshop Multiple File Types Remote Code Execution
Description: Adobe Photoshop is an application that allows users to
view and edit various graphic formats. Adobe Photoshop is exposed to
multiple remote code execution issues. These issues occur when
handling specially crafted ASL, ABR, or GRD files. Adobe Photoshop
version CS4 11.01 is affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-13.html
______________________________________________________________________
10.23.20 CVE: CVE-2010-1919
Platform: Cross Platform
Title: EMC Avamar "gsan" Service Denial of Service
Description: EMC Avamar is a backup application available for multiple
platforms. EMC Avamar is exposed to a denial of service issue. The
application fails to properly process messages sent through an
unspecified TCP port, causing the "gsan" service to hang. Avamar
versions prior to 5.0 SP1 are affected.
Ref: http://www.securityfocus.com/archive/1/511477
______________________________________________________________________
10.23.21 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Error Handling Information Disclosure
Description: Mozilla Firefox is a web browser available for various
platforms. Firefox is exposed to a remote information disclosure issue
because the application allows attackers to discover the destination
URL of a redirection using the "window.onerror" handler. Mozilla
Firefox versions 3.6.3 and 3.5.9 are affected.
Ref:
http://soroush.secproject.com/blog/2010/05/cross-site-url-hijacking-by-using-error-object-in-mozilla-firefox/
______________________________________________________________________
10.23.22 CVE: CVE-2010-1938
Platform: Cross Platform
Title: FreeBSD OPIE "__opiereadrec()" Off By One Heap Memory
Corruption
Description: OPIE is a one time password system for BSD and Linux
platforms. The application is exposed to an off by one memory
corruption issue because it fails to properly bounds check
user-supplied data before copying it into a memory buffer. OPIE as
supplied with FreeBSD versions 6.x, 7.x, and 8.x is affected.
Ref: http://securityreason.com/achievement_securityalert/87
______________________________________________________________________
10.23.23 CVE: Not Available
Platform: Cross Platform
Title: Nemesis Player ".nsp" File Remote Denial of Service
Description: Nemesis Player is a multimedia player. The application is
exposed to a remote denial of service issue when handling specially
crafted ".nsp" files. Nemesis Player versions 1.1 Beta and 2.0 are
affected.
Ref: http://www.securityfocus.com/bid/40413
______________________________________________________________________
10.23.24 CVE: Not Available
Platform: Cross Platform
Title: Home FTP Server Directory Traversal
Description: Home FTP Server is an FTP server. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize input from user-supplied commands. The issue
affects the "RETR", "STOR" and "DELE" commands. Home FTP Server
version 1.10.2.143 is affected.
Ref: http://www.securityfocus.com/bid/40419
______________________________________________________________________
10.23.25 CVE: Not Available
Platform: Cross Platform
Title: nginx Directory Traversal
Description: nginx is an HTTP server, reverse proxy and mail proxy
server. nginx is exposed to a directory traversal issue because it
fails to sufficiently sanitize user supplied input. nginx versions
0.6.36 and earlier are affected.
Ref: http://www.securityfocus.com/bid/40420/references
______________________________________________________________________
10.23.26 CVE: Not Available
Platform: Cross Platform
Title: Ghostscript Insecure Temporary File Creation
Description: Ghostscript is a set of tools and libraries for handling
Portable Document Format and PostScript files. The application
creates temporary files in an insecure manner. Specifically, the
application creates a file in "/tmp" without the "O_EXCL" mode.
Ghostscript version 8.64 is affected.
Ref: http://www.securityfocus.com/bid/40426/references
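
Entries 10.23.4 and 10.23.26 both describe temporary files created under a predictable name without exclusive creation. The following C program is an added example, not code from the bulletin or from the affected projects; it contrasts an open() without "O_EXCL" against the corrected forms inside a private scratch directory. The file names, the scratch directory and the function names are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, mkstemp, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int last_open_errno;  /* errno from the most recent temp-file open */

/* Weak pattern described in the entries: a fixed, guessable name and no
 * O_EXCL. open() follows a link that is already sitting at `path`. */
static int create_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Corrected: with O_CREAT|O_EXCL the call fails with EEXIST if anything,
 * including a symbolic link, already exists at `path`. */
static int create_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it
 * exclusively. Returns 1 if group/other have no access, 0 otherwise,
 * -1 on error. */
static int mkstemp_is_private(void) {
    char tmpl[] = "/tmp/tmpdemo.XXXXXX";   /* constructed template name */
    struct stat st;
    int fd = mkstemp(tmpl), ok;
    if (fd < 0) return -1;
    ok = fstat(fd, &st) == 0 && (st.st_mode & 0077) == 0;
    close(fd);
    unlink(tmpl);
    return ok;
}

/* Constructed scenario, confined to a private scratch directory: a link
 * already exists at the temp name and points at a file that must not be
 * modified. Returns 1 if that file was overwritten, 0 if it is intact,
 * -1 on setup error. */
static int protected_file_overwritten(int hardened) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char keep[64], tmp[64], buf[16] = {0};
    int fd, changed;
    ssize_t n;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(keep, sizeof keep, "%s/keep.conf", dir);
    snprintf(tmp, sizeof tmp, "%s/app.tmp", dir);

    fd = open(keep, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(keep, tmp) != 0) return -1;  /* link sits at the temp name */

    errno = 0;
    fd = hardened ? create_tmp_excl(tmp) : create_tmp_weak(tmp);
    last_open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) {
        n = write(fd, "scratch", 7);
        (void)n;
        close(fd);
    }

    /* Re-read the file that should have been left alone. */
    fd = open(keep, O_RDONLY);
    if (fd < 0) return -1;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    changed = n < 0 || strcmp(buf, "keep") != 0;

    unlink(tmp);
    unlink(keep);
    rmdir(dir);
    return changed;
}

int main(void) {
    int weak = protected_file_overwritten(0);
    int excl = protected_file_overwritten(1);
    int excl_errno = last_open_errno;

    printf("no O_EXCL : overwritten=%d\n", weak);
    printf("O_EXCL    : overwritten=%d (%s)\n", excl, strerror(excl_errno));
    printf("mkstemp   : private=%d\n", mkstemp_is_private());
    return 0;
}
```

When auditing code for this class of issue, look for open() or fopen() calls on fixed paths under "/tmp" that lack "O_EXCL", and replace them with mkstemp() or an exclusive create.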
______________________________________________________________________
10.23.27 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player Multiple Media File Formats Buffer Overflow
Description: VLC media player is a cross-platform media player that
can be used to serve streaming data. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. This issue occurs when handling
multiple common media file formats. Specifically, the issue can be
triggered with a specially crafted ".avi", ".mpg", ".mp4", ".asf" or
".mov" file. VLC media player version 1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/40428/references
______________________________________________________________________
10.23.28 CVE: Not Available
Platform: Cross Platform
Title: nginx Space String Remote Source Code Disclosure
Description: nginx is an HTTP server, reverse proxy, and mail proxy
server. The application is exposed to a source code disclosure issue
because it fails to properly sanitize user-supplied input.
Specifically, an attacker can obtain the source code of a file by
providing a "%20" string at the end of the filename in an HTTP
request. nginx versions prior to 0.8.36 are affected.
Ref: http://www.securityfocus.com/archive/1/509420
______________________________________________________________________
10.23.29 CVE: Not Available
Platform: Cross Platform
Title: IBM Lotus Connections Multiple
Description: IBM Lotus Connections is social collaboration software for
business. The application is exposed to multiple security issues.
Cross-site scripting issues affect the "create" and "edit" forms in the
Community component, the "verbiage" parameter in the Bookmarks component
and the mobile Blogs component. Information disclosure issues exist
because the Bookmarklet popup window and "Top Updates" links in the
Homepage component use HTTP when "force SSL" is enabled. An open
redirection issue occurs because the application fails to properly
sanitize unspecified user-supplied input. IBM Lotus Connections versions
prior to 2.5.0 Fix Pack 2 (2.5.0.2) are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21431472
______________________________________________________________________
10.23.30 CVE: CVE-2010-0472
Platform: Cross Platform
Title: IBM DB2 prior to 9.7 Fix Pack 2 Multiple Security
Vulnerabilities
Description: IBM DB2 is a database manager. The application is exposed
to multiple issues. A denial of service issue affects the Tivoli
monitoring agent. An issue with an unspecified impact arises due to
system granted privileges not being regenerated on views. Unauthorized
users may access Monitor Administrative Views in "SYSIBMADM SCHEMA". IBM
DB2 versions 9.2 prior to Fix Pack 2 (9.7.2) are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21432298
______________________________________________________________________
10.23.31 CVE: CVE-2010-2023
Platform: Cross Platform
Title: Exim Sticky Mail Directory Local Privilege Escalation
Description: Exim is a mail transfer agent application available
for Linux and Unix operating systems. The application is
exposed to a local privilege escalation issue. Specifically, the
application may follow hard links when delivering mail to mailbox
files. This issue can be exploited when Exim is configured to use a
world writable mail directory which has the "sticky bit" set. Since
this issue requires that the sticky bit is set, attackers may only
target users who do not have pre-existing mailbox files. Exim versions
prior to 4.72 RC2 are affected.
Ref: http://www.securityfocus.com/bid/40451/references
______________________________________________________________________
10.23.32 CVE: Not Available
Platform: Cross Platform
Title: DM Database Server "SP_DEL_BAK_EXPIRED" Memory Corruption
Description: DM Database Server is a database application. DM Database
Server is exposed to a remote memory corruption issue that affects the
"CALL SP_DEL_BAK_EXPIRED" function when a large string is passed to
the first argument.
Ref: http://www.securityfocus.com/archive/1/511559
______________________________________________________________________
10.23.33 CVE: Not Available
Platform: Cross Platform
Title: Websense "Via" HTTP Header Web Filtering Security Bypass
Description: Websense is a web filtering application. The application
is exposed to a security bypass issue because it fails to properly
enforce filtering rules. Specifically, HTTP requests which include the
"Via" header are not filtered or logged. Websense Enterprise version
6.3.3 is affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0376.html
______________________________________________________________________
10.23.34 CVE: Not Available
Platform: Cross Platform
Title: Ghostscript "gs_init.ps" With "-P-" Flag Search Path Local
Privilege Escalation
Description: Ghostscript is a set of tools and libraries for handling
Portable Document Format and PostScript files. The application
is exposed to a local privilege escalation issue. Specifically, the
"gs_init.ps" file is executed in the current directory first, even if
the "-P-" option is used to explicitly prevent this. Ghostscript
version 8.64 is affected.
Ref: http://www.securityfocus.com/archive/1/511578
______________________________________________________________________
10.23.35 CVE: Not Available
Platform: Cross Platform
Title: SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities
Description: SBLIM-SFCB (Small Footprint CIM Broker) is a CIM server.
The application is exposed to multiple security issues. A heap-based
buffer overflow issue exists because the application does not
properly verify the size value provided via the "Content-Length"
header. A heap-based buffer overflow issue exists due to an
integer overflow error when receiving an overly large value in the
"Content-Length" header. SBLIM-SFCB versions prior to 1.3.8 are
affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784
______________________________________________________________________
10.23.36 CVE: Not Available
Platform: Cross Platform
Title: Winamp AVI File RIFF Data Remote Denial of Service
Description: NullSoft Winamp is a media player application. The
application is exposed to a remote denial of service issue when
handling specially crafted AVI files. Specifically, the application
fails to handle files which are missing RIFF header data. This issue
can also be triggered by zero length files. NullSoft Winamp versions
prior to 5.572 are affected.
Ref: http://www.securityfocus.com/archive/1/511577
______________________________________________________________________
10.23.37 CVE: Not Available
Platform: Cross Platform
Title: Accoria Rock Web Server Multiple Security
Description: Accoria Rock Web Server is an HTTP server for Unix and
Linux platforms. Accoria Rock Web Server is exposed to multiple
security issues that affect the web-based administrative interface.
Rock Web Server version 1.4.7 is affected.
Ref: http://www.kb.cert.org/vuls/id/245081
______________________________________________________________________
10.23.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GetSimple CMS "components.php" Cross-Site Scripting
Description: GetSimple CMS is a PHP-based content management system.
GetSimple CMS is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "val[]"
parameter of the "/admin/components.php" script. GetSimple CMS version
2.01 is affected.
Ref: http://www.securityfocus.com/archive/1/511458
______________________________________________________________________
10.23.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RuubikCMS "index.php" Cross-Site Scripting
Description: RuubikCMS is a PHP-based content management tool.
RuubikCMS is exposed to a cross-site scripting issue because it fails
to properly sanitize user-supplied input to the "description"
parameter of the "ruubikcms/cms/index.php" script. RuubikCMS version
1.0.3 is affected.
Ref: http://www.securityfocus.com/archive/1/511460
______________________________________________________________________
10.23.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: md5 Encryption Decryption PHP Script "index.php" Cross-Site
Scripting
Description: md5 Encryption Decryption PHP Script is a script for
decrypting md5 strings. md5 Encryption Decryption PHP Script is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "index.php" script.
Ref: http://www.securityfocus.com/bid/40381/references
______________________________________________________________________
10.23.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHPCalendar Calendar Script Multiple Cross-Site Scripting
Description: PHPCalendar Calendar Script is a PHP-based web application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input to the "install.php"
script and the "cat" parameter of the "product_list.php" script.
Ref: http://www.securityfocus.com/bid/40391/references
______________________________________________________________________
10.23.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BackLinkSpider Multiple Cross-Site Scripting Vulnerabilities
Description: BackLinkSpider is a PHP-based link exchange application.
BackLinkSpider is exposed to multiple cross-site scripting issues
because it fails to properly sanitize user-supplied input to the
"cat_id", "siteid" and "cat_name" parameters of the "links.php"
script. BackLinkSpider version 1.3.1774.0 is affected.
Ref: http://www.securityfocus.com/bid/40400/references
______________________________________________________________________
10.23.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ZoneCheck "zc.cgi" Cross-Site Scripting
Description: ZoneCheck is a DNS zone checking tool. ZoneCheck is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "ns" parameter of the
"zc.cgi" script when the "zone" parameter is set to any value.
ZoneCheck version 2.1.0 is affected.
Ref: http://www.securityfocus.com/bid/40404/references
______________________________________________________________________
10.23.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MediaWiki CSS Input Cross-Site Scripting
Description: MediaWiki is a PHP-based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input. Specifically, the issue affects
the CSS input. MediaWiki versions prior to 1.15.4 and 1.16.0beta3 are
affected.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
______________________________________________________________________
10.23.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Toronja CMS "index.php" Cross-Site Scripting
Description: Toronja CMS is a PHP-based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "txt_filtro" parameter of
the "index.php" script.
Ref: http://www.securityfocus.com/bid/40424
______________________________________________________________________
10.23.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CMScout Cross-Site Scripting
Description: CMScout is a PHP-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "search" field.
Ref: http://www.securityfocus.com/bid/40442/references
______________________________________________________________________
10.23.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: wsCMS "news.php" Cross-Site Scripting
Description: wsCMS is a PHP-based content manager. wsCMS is exposed to
a cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "id" parameter of the "news.php" script.
Ref: http://www.securityfocus.com/bid/40447/references
______________________________________________________________________
10.23.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zeeways eBay Clone Auction Script "signinform.php" Cross-Site
Scripting
Description: Zeeways eBay Clone Auction Script is a web-based
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the "msg"
parameter of the "signinform.php" script.
Ref: http://www.securityfocus.com/bid/40452
______________________________________________________________________
10.23.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Smart Statistics "smart_statistics_admin.php" Cross-Site
Scripting
Description: Smart Statistics is a PHP-based website statistics
script. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"name" parameter of the "smart_statistics_admin.php" script. Smart
Statistics version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40468/references
______________________________________________________________________
10.23.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: dotDefender Log Viewer Cross-Site Scripting
Description: dotDefender is a website security application. dotDefender
is exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input. Specifically, the application is
vulnerable when the log viewer displays HTTP headers. dotDefender
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/40484/references
______________________________________________________________________
10.23.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Datetopia Match Agency BiZ Multiple Cross-Site Scripting Vulnerabilities
Description: Datetopia Match Agency BiZ is a PHP-based online dating
application. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied data.
These issues affect the "details_var" parameter of the
"smilies_popup.php" script and the "profile_id" parameter of the
"manage_pictures.php" script.
Ref: http://www.securityfocus.com/bid/40488/references
______________________________________________________________________
10.23.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 360 Web Manager "webpages-form-led-edit.php" SQL Injection
Description: 360 Web Manager is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "IDFM" parameter of
the "/adm/content/webpages/webpages-form-led-edit.php" script before
using it in an SQL query. 360 Web Manager version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/511461
______________________________________________________________________
10.23.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multi Shop CMS "pages.php" SQL Injection
Description: Multi Shop CMS is a PHP-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "pages.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/40388
______________________________________________________________________
10.23.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BackLinkSpider "cat_id" Parameter SQL Injection
Description: BackLinkSpider is a PHP-based link exchange application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat_id" parameter
of the "links.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/40398/references
______________________________________________________________________
10.23.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MultiShopCMS Multi Vendor Mall Multiple SQL Injection Vulnerabilities
Description: MultiShopCMS Multi Vendor Mall is a PHP-based e-commerce
platform. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"itemid" and "storeid" parameters of the "itemdetail.php" and
"shop.php" scripts respectively.
Ref: http://www.securityfocus.com/bid/40402/references
______________________________________________________________________
10.23.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Toronja CMS Multiple SQL Injection Vulnerabilities
Description: Toronja CMS is a PHP-based content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "ncategoria1"
parameter of the "index.php" and "interior.php" scripts before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/40421
______________________________________________________________________
10.23.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: osCommerce Visitor Web Stats Add-On "Accept-Language" Header
SQL Injection
Description: Visitor Web Stats is an osCommerce add-on implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the
"Accept-Language" header.
Ref: http://www.securityfocus.com/archive/1/511511
______________________________________________________________________
10.23.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ImpressPages CMS "admin.php" Multiple SQL Injection
Vulnerabilities
Description: ImpressPages CMS is a PHP-based content management
system. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"sort_field" and "page_size" fields of the "admin.php" script.
ImpressPages CMS version 1.0.4 is affected.
Ref: http://www.impresspages.org/cms/forum/viewtopic.php?f=5&t=125
______________________________________________________________________
10.23.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Fusebox "CatDisplay" Parameter SQL Injection
Description: Fusebox is a framework for building ColdFusion and PHP web
applications. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"CatDisplay" parameter of the "ProductList.cfm" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/40439/references
______________________________________________________________________
10.23.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: wsCMS Multiple SQL Injection
Description: wsCMS is a PHP-based content manager. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data and parameters before using
them in an SQL query.
Ref: http://www.securityfocus.com/bid/40443/references
______________________________________________________________________
10.23.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourArcadeScript "username" Parameter SQL Injection
Description: YourArcadeScript is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "includes/saveregister.php" script before using it in an SQL
query. YourArcadeScript version 2.0b1 is affected.
Ref: http://www.securityfocus.com/bid/40459/references
______________________________________________________________________
10.23.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TermiSBloG Multiple SQL Injection
Description: TermiSBloG is a PHP-based web log application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "kategori.php" and "oku.php" scripts. TermiSBloG
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40466/references
______________________________________________________________________
10.23.63 CVE: Not Available
Platform: Web Application
Title: razorCMS "admin/index.php" HTML Injection
Description: razorCMS is a PHP-based content manager. The application
is exposed to an HTML injection issue because it fails to sufficiently
sanitize user-supplied input. Specifically, this issue affects data
submitted through the "content" field of the "admin/index.php" script.
razorCMS version 1.0 Stable is affected.
Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html
______________________________________________________________________
10.23.64 CVE: Not Available
Platform: Web Application
Title: Nuked-Klan Search Request Denial of Service
Description: Nuked-Klan is a PHP-based content management system. The
application is exposed to a denial of service issue because the search
functionality fails to properly handle multiple search requests.
Nuked-Klan versions 1.7.7 and SP4 are affected.
Ref: http://www.securityfocus.com/bid/40394
______________________________________________________________________
10.23.65 CVE: Not Available
Platform: Web Application
Title: CiviCRM Multiple HTML Injection Vulnerabilities
Description: CiviCRM is a PHP-based customer relationship manager.
CiviCRM is exposed to multiple HTML injection issues because it fails
to properly sanitize user-supplied input. CiviCRM version 3.1 Beta 1 is
affected.
Ref: http://www.securityfocus.com/bid/40406
______________________________________________________________________
10.23.66 CVE: Not Available
Platform: Web Application
Title: Layout CMS SQL-Injection and Cross-Site Scripting
Vulnerabilities
Description: Layout CMS is a PHP-based web application. The
application is exposed to an SQL injection issue and a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the "id" parameter of the "preview.php" script. Layout CMS
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/40415/references
______________________________________________________________________
10.23.67 CVE: Not Available
Platform: Web Application
Title: GR Board "page.php" Remote File Include
Description: GR Board is a web-based application. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "theme" parameter of
the "page.php" script. GR Board version 1.8.6.1 is affected.
Ref: http://www.securityfocus.com/bid/40437
______________________________________________________________________
10.23.68 CVE: Not Available
Platform: Web Application
Title: Symphony "mode" Parameter Local File Include
Description: Symphony is a PHP-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "mode" parameter of
the "index.php" script. Symphony version 2.0.7 is affected.
Ref: http://www.securityfocus.com/bid/40441
______________________________________________________________________
10.23.69 CVE: Not Available
Platform: Web Application
Title: Plugin Gallery For Nucleus Remote File Include and SQL
Injection Vulnerabilities
Description: Plugin Gallery for Nucleus is a PHP-based web
application. The application is exposed to multiple input validation
issues. 1) A remote file include issue that affects the "DIR_NUCLEUS"
parameter of the "nucleus/plugins/NP_gallery.php" script. 2) An SQL
injection issue that affects the "id" parameter of the "index.php"
script when "action" is set to "plugin", "name" is set to "gallery",
and "type" is set to "album".
Ref: http://www.securityfocus.com/bid/40448
______________________________________________________________________
10.23.70 CVE: Not Available
Platform: Web Application
Title: NP_Twitter Nucleus Plugin "DIR_NUCLEUS" Remote File Include
Description: NP_Twitter is a plugin for the Nucleus content management
system. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"DIR_PLUGINS" parameter of the "nucleus/plugins/NP_Twitter.php"
script. NP_Twitter versions 0.8 and 0.9 are affected.
Ref: http://www.securityfocus.com/bid/40453/references
______________________________________________________________________
10.23.71 CVE: Not Available
Platform: Web Application
Title: Clearsite "header.php" Remote File Include
Description: Clearsite is a network monitoring application implemented
in PHP. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"$cs_base_path" parameter of the "header.php" script.
Ref: http://www.securityfocus.com/archive/1/511507
______________________________________________________________________
10.23.72 CVE: Not Available
Platform: Web Application
Title: PHP Mysqlnd Extension Information Disclosure and Multiple
Buffer Overflow Vulnerabilities
Description: PHP is a general purpose scripting language that is suited
for web development and can be embedded into HTML. The Mysqlnd
extension, or native driver, is a replacement for the MySQL client
library (libmysql). The PHP Mysqlnd extension is exposed to multiple
security issues. 1) An information disclosure issue affects the
"php_mysqlnd_ok_read()" function. 2) The "message_len" field in network
packets is not properly verified, allowing heap memory to be harvested.
3) A heap-based buffer overflow issue that affects the
"php_mysqlnd_rset_header_read()" function because the header size of a
network packet is not properly verified. 4) A heap-based buffer overflow
issue that affects the "php_mysqlnd_read_error_from_line()" function
because it fails to properly calculate the size of a memory buffer. 5)
A stack-based buffer overflow issue that affects the
"php_mysqlnd_auth_write()" function because it fails to properly
validate usernames or database names. PHP versions 5.3 through 5.3.2 are
affected.
Ref: http://www.securityfocus.com/bid/40461/references
______________________________________________________________________
10.23.73 CVE: Not Available
Platform: Web Application
Title: x10media Image Hosting Script "create_image_gallery.php"
Arbitrary File Upload
Description: x10media Image Hosting Script is a PHP-based script for
hosting images. The application is exposed to an issue that lets
attackers upload arbitrary files because it fails to adequately
sanitize user-supplied input before uploading it onto the web server.
This issue affects the "74rG37_H057/create_image_gallery.php" script.
Ref: http://www.securityfocus.com/bid/40463/references
______________________________________________________________________
10.23.74 CVE: Not Available
Platform: Web Application
Title: Visitor Logger "banned.php" Remote File Include
Description: Visitor Logger is a PHP-based website visitors logging
script. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"VL_include_path" parameter of the "banned.php" script.
Ref: http://www.securityfocus.com/bid/40469
______________________________________________________________________
10.23.75 CVE: Not Available
Platform: Web Application
Title: E107 Persian "usersettings.php" HTML Injection
Description: E107 Persian is a PHP-based content manager. The
application is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input. Specifically, this issue
affects data submitted through the "signature" field of the
"usersettings.php" script.
Ref: http://www.securityfocus.com/bid/40477/references
______________________________________________________________________
10.23.76 CVE: Not Available
Platform: Web Application
Title: CMS Made Simple Cross-Site Scripting and Cross-Site Request
Forgery Vulnerabilities
Description: CMS Made Simple is a PHP-based content manager. The
application is exposed to multiple issues. 1) Multiple cross-site
scripting issues occur because the application fails to sufficiently
sanitize input. 2) A cross-site request forgery issue affects the
"Changes Group Permission" module. Specifically, the application fails
to sufficiently check permissions when performing certain tasks. CMS
Made Simple versions 1.7.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/40483
______________________________________________________________________
10.23.77 CVE: Not Available
Platform: Web Application
Title: EvoCam HTTP GET Request Buffer Overflow
Description: EvoCam is an HTTP server application available for Mac OS
X. EvoCam is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied input. The
issue occurs when handling a specially crafted HTTP "GET" request.
EvoCam versions 3.6.6 and 3.6.7 are affected.
Ref: http://www.securityfocus.com/bid/40489
______________________________________________________________________
10.23.78 CVE: Not Available
Platform: Network Device
Title: Apple iPhone PIN Authentication Security Bypass
Description: Apple iPhone is exposed to a security bypass issue due to
a failure to restrict access to locked devices. When a device is
protected with a PIN code, it will normally require the PIN to be
entered before communicating through a physical USB connection.
However, this check is not properly performed when the device is
connected while powered off and then powered on. iPhone 3GS devices
are affected.
Ref:
http://images.apple.com/iphone/business/docs/iPhone_Security_Overview.pdf
______________________________________________________________________
10.23.79 CVE: CVE-2010-0600, CVE-2010-0599, CVE-2010-0595,
CVE-2010-0596, CVE-2010-0598
Platform: Network Device
Title: Cisco Network Building Mediator System Configuration File
Multiple Vulnerabilities
Description: Cisco Network Building Mediator is a family of hardware
networking devices. Cisco Network Building Mediator (NBM) is exposed
to multiple issues. 1) An information disclosure issue that occurs
because the device allows unauthorized users to read one of the system
configuration files. 2) A remote privilege escalation issue because it
fails to sufficiently protect device configuration details. 3) A remote
information disclosure issue because it fails to encrypt sensitive
information transmitted over the network. 4) A remote information
disclosure issue because it fails to encrypt sensitive information
transmitted over the network. 5) A remote authentication bypass issue
that occurs because the device assigns default credentials to several
predefined user accounts on the device including the administrator's
user account. Network Building Mediator products running software
releases prior to 3.1.1 are affected.
Ref:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml#
ID
______________________________________________________________________
10.23.80 CVE: Not Available
Platform: Network Device
Title: NETGEAR WG602v4 Administrator Password Remote Stack Buffer
Overflow
Description: The NETGEAR WG602v4 is a wireless-access-point hardware
device. The device supports a web-based administrative interface. The
device is exposed to a remote stack-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data.
Ref: http://www.securityfocus.com/archive/1/511555
______________________________________________________________________
(c) 2010. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.