RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 49

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Fri Dec 03 2010 - 12:37:42 CST



******************************************************************
      RISK: The Consensus Security Vulnerability Alert
December 3rd, 2010 Vol. 9. Week 49
******************************************************************

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Windows                                   1
Microsoft Office                          1
Third Party Windows Apps                  2 (#2)
Linux                                     7
BSD                                       1
Cross Platform                            9 (#1)
Web Application - Cross Site Scripting    7
Web Application - SQL Injection           8
Web Application                           3
Network Device                            1


Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) MEDIUM: ProFTPD Backdoor Unauthorized Access Vulnerability
(2) MEDIUM: Nullsoft Winamp Multiple Security Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

 -- Windows
10.49.1 - Microsoft Windows User Access Control Bypass Local Privilege Escalation
 -- Microsoft Office
10.49.2 - Microsoft Outlook File Attachment Denial of Service
 -- Third Party Windows Apps
10.49.3 - Google Desktop "schannel.dll" DLL Loading Arbitrary Code Execution
10.49.4 - Winamp Prior to 5.6 Multiple Vulnerabilities
 -- Linux
10.49.5 - Linux Kernel "inotify_init()" Memory Leak Local Denial of Service
10.49.6 - Linux Kernel Unix Sockets Local Denial of Service
10.49.7 - Linux Kernel "shmid_ds structure" Local Information Disclosure
10.49.8 - Linux Kernel Econet Protocol Multiple Local Issues
10.49.9 - Linux Kernel Information Disclosure Issue
10.49.10 - Linux Kernel TIOCGICOUNT Information Disclosure Issue
10.49.11 - Red Hat Enterprise MRG Messaging and Grid Security Bypass Issue
 -- BSD
10.49.12 - NetBSD "udp6_output()" Remote Denial of Service Issue
 -- Cross Platform
10.49.13 - Xen "blkback/blktap/netback" Leaked Kernel Thread Local Denial of Service
10.49.14 - Fedora "Dracut" Package Insecure File Permissions Issue
10.49.15 - xine-lib "asfheader.c" Remote Memory Corruption
10.49.16 - CA Internet Security Suite 2010 "KmxSbx.sys" Local Privilege Escalation
10.49.17 - collectd "cu_rrd_create_file()" Remote Denial of Service
10.49.18 - Lightweight Rich Text Editor Plugin for jQuery
10.49.19 - Apache Archiva Cross-Site Request Forgery Issue
10.49.20 - Xen "fixup_page_fault()" Denial of Service
10.49.21 - Orbis CMS "fileman_file_upload.php" Arbitrary File Upload Issue
 -- Web Application - Cross Site Scripting
10.49.22 - SimpLISTic SQL "email.cgi" Cross-Site Scripting
10.49.23 - MCG GuestBook Multiple Cross-Site Scripting Vulnerabilities
10.49.24 - Register Plus "wp-login.php" Multiple Cross-Site Scripting Vulnerabilities
10.49.25 - WordPress Register Plus "wp-login.php" Multiple Cross-Site Scripting Issues
10.49.26 - Diferior "views/post.php" Cross-Site Scripting
10.49.27 - eSyndiCat Directory Software Multiple Cross-Site Scripting Vulnerabilities
10.49.28 - phpMyAdmin Database Search Cross-Site Scripting Issue
 -- Web Application - SQL Injection
10.49.29 - JE Ajax Event Calendar "event_id" Parameter SQL Injection Issue
10.49.30 - FreeTicket "contact.php" Multiple SQL Injection Vulnerabilities
10.49.31 - SiteEngine "comments.php" SQL Injection Issue
10.49.32 - Wernhart Guestbook Multiple SQL Injection Vulnerabilities
10.49.33 - Site2Nite Big Truck Broker "news_default.asp" SQL Injection Issue
10.49.34 - E-lokaler CMS Admin Login Multiple SQL Injection Vulnerabilities
10.49.35 - SmartBox "page_id" Parameter SQL Injection Issue
10.49.36 - MicroNetSoft RV Dealer Websites Multiple SQL Injection Vulnerabilities
 -- Web Application
10.49.37 - MemHT Portal "User-Agent" HTTP Header HTML Injection
10.49.38 - DaDaBIK HTML Injection
10.49.39 - PHP Web Scripts Easy Banner Free Multiple SQL Injection and HTML Injection Vulnerabilities
 -- Network Device
10.49.40 - D-Link DIR-300 WiFi Key Security Bypass Issue
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process

*****************************
Widely Deployed Software
*****************************

(1) MEDIUM: ProFTPD Backdoor Unauthorized Access Vulnerability
Affected:
ProFTPD 1.3.3c md5sum 8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2
ProFTPD 1.3.3c md5sum 4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz

Description: Between November 28th and December 2nd, 2010, the ProFTPD
FTP site distributed a version of ProFTPD with a backdoor installed.
This was due to an earlier compromise of the server that went undetected
initially; attackers apparently broke into the site and uploaded the
malicious version of the software.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.proftpd.org/
SecurityFocus Bugtraq ID
http://www.securityfocus.com/bid/45150

*************************************************************

(2) MEDIUM: Nullsoft Winamp Multiple Security Vulnerabilities
Affected:
Nullsoft Winamp prior to 5.6

Description: Nullsoft has released a patch for security vulnerabilities
in its Winamp software. By enticing the user to view a malicious NSV
(Nullsoft Video) stream, an attacker can exploit these vulnerabilities
to execute arbitrary code on the target's machine. The vulnerabilities
are due to errors in parsing user-supplied input, namely the table of
contents of the NSV stream.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.winamp.com/
SecurityFocus Bugtraq IDs
http://www.securityfocus.com/bid/45097

*************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 10603 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________

10.49.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows User Access Control (UAC) Bypass Local
Privilege Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue that affects the "RtlQueryRegistryValues()" API
function. Specifically, the size of the output value may be returned
as either UNICODE_STRING or ULONG size, while the actual returned
buffer size is determined by registry key type.
Ref: http://www.kb.cert.org/vuls/id/529673
______________________________________________________________________

10.49.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Outlook File Attachment Denial of Service
Description: Microsoft Outlook is an email client for Microsoft
Windows platforms. The application is exposed to a denial of service
issue because it fails to properly handle certain email attachments. A
file without extension can trigger the issue when clicked in a preview
pane. Microsoft Outlook 2007 SP2 is affected.
Ref: http://www.csis.dk/en/csis/news/3073/
______________________________________________________________________

10.49.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Google Desktop "schannel.dll" DLL Loading Arbitrary Code
Execution
Description: Google Desktop is a freely available application that
allows users to search the contents of their computer. The application
is exposed to an issue that lets attackers execute arbitrary code. The
issue arises because the application searches for the "schannel.dll"
Dynamic Link Library file in the current working directory. Google
Desktop version 5.9.1005.12335 is affected.
Ref:
http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx
______________________________________________________________________

10.49.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winamp Prior to 5.6 Multiple Vulnerabilities
Description: Nullsoft Winamp is a media player for Microsoft Windows.
Winamp is exposed to multiple issues. Successful exploits will allow
attackers to execute arbitrary code in the context of the application
or cause denial of service. Winamp versions prior to 5.6
are affected.
Ref: http://secunia.com/secunia_research/2010-127/
______________________________________________________________________

10.49.5 CVE: Not Available
Platform: Linux
Title: Linux Kernel "inotify_init()" Memory Leak Local Denial of
Service
Description: The Linux kernel is exposed to a local denial of service
issue. Specifically, the issue occurs due to a memory leak in the
"inotify_init()" system call of the "fs/notify/inotify/inotify_user.c"
file.
Ref: http://www.securityfocus.com/bid/45036
______________________________________________________________________

10.49.6 CVE: CVE-2010-4249
Platform: Linux
Title: Linux Kernel Unix Sockets Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue when handling specially crafted UNIX sockets. Linux kernel
version 2.6.35 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=656756
______________________________________________________________________

10.49.7 CVE: CVE-2010-4072
Platform: Linux
Title: Linux Kernel "shmid_ds structure" Local Information Disclosure
Description: The Linux kernel is exposed to a local information
disclosure issue that affects the "ipc/shm.c" source file. This issue
occurs because the "shmid_ds" structure is copied to user space with
the second and third field being uninitialized.
Ref:
http://git.kernel.org/?p=linux/kernel/git/eugeneteo/linux-2.6-cve-tagged.git;a=commit;h=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44
______________________________________________________________________

10.49.8 CVE: CVE-2010-3850,CVE-2010-3849,CVE-2010-3848
Platform: Linux
Title: Linux Kernel Econet Protocol Multiple Local Issues
Description: The Linux kernel is exposed to multiple local issues that
affect the Econet protocol.
Ref: http://www.securityfocus.com/bid/45072
______________________________________________________________________

10.49.9 CVE: CVE-2010-4073
Platform: Linux
Title: Linux Kernel Information Disclosure Issue
Description: The Linux kernel is exposed to an information disclosure
issue that may allow users to read uninitialized stack memory.
Specifically, the kernel fails to clear the "reserved" members of the
memory before allowing a user to use the affected structure.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=648658
______________________________________________________________________

10.49.10 CVE: CVE-2010-4074
Platform: Linux
Title: Linux Kernel TIOCGICOUNT Information Disclosure Issue
Description: The Linux kernel is exposed to an information disclosure
issue. This issue affects the "TIOCGICOUNT" device and may allow
users to read uninitialized stack memory. Specifically, the kernel
fails to clear the "reserved" members of the
"serial_icounter_struct" before allowing a user to use the affected
structure.
Ref: http://www.securityfocus.com/bid/45074
______________________________________________________________________

10.49.11 CVE: CVE-2010-4179
Platform: Linux
Title: Red Hat Enterprise MRG Messaging and Grid Security Bypass Issue
Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid)
Messaging and Grid are realtime IT infrastructure for enterprise
computing. Red Hat Enterprise MRG Messaging and Grid are exposed to a
security bypass issue. This issue is due to inadequate access control
between the "cumin" process and the Condor QMF plugin.
Ref: http://www.securityfocus.com/bid/45113
______________________________________________________________________

10.49.12 CVE: Not Available
Platform: BSD
Title: NetBSD "udp6_output()" Remote Denial of Service Issue
Description: NetBSD is an open-source BSD UNIX operating system.
NetBSD is exposed to a remote denial of service issue. Specifically,
the "udp6_output()" function may attempt to release packet options
even if they were never created, leading to a NULL pointer dereference
error.
Ref:
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-013.txt.asc
______________________________________________________________________

10.49.13 CVE: CVE-2010-3699
Platform: Cross Platform
Title: Xen "blkback/blktap/netback" Leaked Kernel Thread Local Denial
of Service
Description: Xen is an open-source hypervisor or virtual machine
monitor. Xen is exposed to a denial of service issue because it fails
to properly remove a guest's references to the host device. This issue
affects the "blkback", "blktap", and "netback" kernel device drivers.
Ref: http://www.securityfocus.com/bid/45039
______________________________________________________________________

10.49.14 CVE: CVE-2010-4176
Platform: Cross Platform
Title: Fedora "Dracut" Package Insecure File Permissions Issue
Description: Dracut is a generic, modular initramfs-generation tool.
The Fedora "Dracut" package is exposed to an insecure file permissions
issue. Specifically, this issue occurs because the Dracut-generated
initramfs scripts create the "/dev/systty" device file with insecure
permissions.
Ref: http://www.securityfocus.com/bid/45046
______________________________________________________________________

10.49.15 CVE: Not Available
Platform: Cross Platform
Title: xine-lib "asfheader.c" Remote Memory Corruption
Description: The xine-lib library allows various media players to play
multiple media formats. The xine-lib library is exposed to a memory
corruption issue that occurs because the application uses an
uninitialized variable. xine-lib versions prior to 1.1.19 are
affected.
Ref: http://www.securityfocus.com/bid/45047
______________________________________________________________________

10.49.16 CVE: Not Available
Platform: Cross Platform
Title: CA Internet Security Suite 2010 "KmxSbx.sys" Local Privilege
Escalation
Description: CA Internet Security Suite 2010 is an Internet security
application. CA Internet Security Suite is exposed to a local
privilege escalation issue that affects the "KmxSbx.sys" file when
handling the "0x88000080" IOCTL call. CA Internet Security Suite 2010
version 6.2.0.22 is affected.
Ref: http://www.securityfocus.com/bid/45071
______________________________________________________________________

10.49.17 CVE: Not Available
Platform: Cross Platform
Title: collectd "cu_rrd_create_file()" Remote Denial of Service
Description: collectd is a system performance monitoring application.
collectd is exposed to a remote denial of service issue that affects
the "RRDtool" and "RRDCacheD" plugins. An attacker can exploit this
issue to crash the service, resulting in a denial of service.
collectd versions prior to 4.9.4 and 4.10.2 are affected.
Ref: http://collectd.org/news.shtml#news86
______________________________________________________________________

10.49.18 CVE: Not Available
Platform: Cross Platform
Title: Lightweight Rich Text Editor Plugin for jQuery
Description: Lightweight Rich Text Editor is a plugin for jQuery. The
application is exposed to a file upload issue because the application
fails to properly sanitize user-supplied input to the "uploader.php"
script. Lightweight Rich Text Editor version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/45085
______________________________________________________________________

10.49.19 CVE: CVE-2010-3449
Platform: Cross Platform
Title: Apache Archiva Cross-Site Request Forgery Issue
Description: Apache Archiva is data repository management software.
Apache Archiva is exposed to a cross-site request forgery issue
because the application does not properly validate the origin of
requests. The following versions are affected:
Archiva versions 1.0 through 1.0.3, Archiva versions 1.1 through 1.1.4,
Archiva versions 1.2 through 1.2.2, Archiva versions 1.3 through 1.3.1
Ref: http://www.securityfocus.com/bid/45095
______________________________________________________________________

10.49.20 CVE: Not Available
Platform: Cross Platform
Title: Xen "fixup_page_fault()" Denial of Service
Description: Xen is a hypervisor or virtual machine monitor. Xen is
exposed to a denial of service issue. This issue occurs because the
"fixup_page_fault()" function in the "xen/arch/x86/traps.c" source
file fails to properly validate the memory addresses used for
indirect access.
Ref: http://www.securityfocus.com/bid/45099
______________________________________________________________________

10.49.21 CVE: CVE-2010-4313
Platform: Cross Platform
Title: Orbis CMS "fileman_file_upload.php" Arbitrary File Upload
Issue
Description: Orbis CMS is a PHP-based content manager. The application
is exposed to a file upload issue because the application fails to
properly sanitize user-supplied input to the "fileman_file_upload.php"
script. Orbis CMS version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/45103
______________________________________________________________________

10.49.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SimpLISTic SQL "email.cgi" Cross-Site Scripting
Description: SimpLISTic SQL is a PHP-based link manager. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "email"
parameter of the "email.cgi" script. SimpLISTic SQL version 2.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/514885
______________________________________________________________________

10.49.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MCG GuestBook Multiple Cross-Site Scripting Vulnerabilities
Description: MCG GuestBook is a guestbook application. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. MCG GuestBook version 1.0 is affected.
Ref: http://evuln.com/vulns/144/description.html
______________________________________________________________________

10.49.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Register Plus "wp-login.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Register Plus is a plugin for WordPress. WordPress is a
web-based publishing application. The application is exposed to
multiple cross-site scripting issues because it fails to sanitize
user-supplied input. Register Plus version 3.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/514903
______________________________________________________________________

10.49.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WordPress Register Plus "wp-login.php" Multiple Cross-Site
Scripting Issues
Description: Register Plus is a plugin for WordPress. WordPress is a
web-based publishing application implemented in PHP. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. Register Plus version 3.5.1 is affected.
Ref: http://www.securityfocus.com/bid/45069
______________________________________________________________________

10.49.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Diferior "views/post.php" Cross-Site Scripting
Description: Diferior is a PHP-based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the
"post_content" variable of the "views/post.php" script. Diferior
version 8.03 is affected.
Ref: http://www.securityfocus.com/bid/45088
______________________________________________________________________

10.49.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: eSyndiCat Directory Software Multiple Cross-Site Scripting
Vulnerabilities
Description: eSyndiCat Directory Software is a web application. The
application is exposed to multiple cross-site scripting issues.
eSyndiCat Directory Software version 2.3 is affected.
Ref: http://www.securityfocus.com/bid/45093
______________________________________________________________________

10.49.28 CVE: CVE-2010-4329
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Database Search Cross-Site Scripting Issue
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. It is implemented in PHP. phpMyAdmin is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to an unspecified parameter in the database search
script when spoofed requests are sent. phpMyAdmin versions prior to
3.3.8.1 and 2.11.11.1 are affected.
Ref: http://www.securityfocus.com/bid/45100
______________________________________________________________________

10.49.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JE Ajax Event Calendar "event_id" Parameter SQL Injection Issue
Description: JE Ajax Event Calendar is a component for the Joomla
content manager. The JE Ajax Event Calendar "com_jeajaxeventcalendar"
component for Joomla is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "event_id"
parameter in the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/45050
______________________________________________________________________

10.49.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FreeTicket "contact.php" Multiple SQL Injection Vulnerabilities
Description: FreeTicket is a web-based application. FreeTicket is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data passed to the "id" and
"email" parameters of the "contact.php" script. FreeTicket version
1.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/514890
______________________________________________________________________

10.49.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SiteEngine "comments.php" SQL Injection Issue
Description: SiteEngine is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "module" parameter of
the "comments.php" script before using it in an SQL query. SiteEngine
version 7.1 is affected.
Ref: http://www.securityfocus.com/bid/45056
______________________________________________________________________

10.49.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wernhart Guestbook Multiple SQL Injection Vulnerabilities
Description: Wernhart Guestbook is a web-based application. Wernhart
Guestbook is exposed to multiple SQL injection issues because it fails
to sufficiently sanitize user-supplied data passed to the "LastName"
parameter of the "insert.phtml" script and certain unspecified
parameters to the "insert.phtml" and "select.phtml" scripts. Wernhart
Guestbook version 2001.03.28 is affected.
Ref: http://www.securityfocus.com/bid/45084
______________________________________________________________________

10.49.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Site2Nite Big Truck Broker "news_default.asp" SQL Injection Issue
Description: Site2Nite Big Truck Broker is an ASP-based web
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"txtSiteId" parameter of the "news_default.asp" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/45077
______________________________________________________________________

10.49.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-lokaler CMS Admin Login Multiple SQL Injection Vulnerabilities
Description: E-lokaler CMS is a content management application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "Username"
and "Password" fields of the "admin" script. E-lokaler CMS 2 is
affected.
Ref: http://packetstormsecurity.org/files/view/96177/elokalercms-sql.txt
______________________________________________________________________

10.49.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SmartBox "page_id" Parameter SQL Injection Issue
Description: SmartBox is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input before using it in an SQL query.
Specifically, the application fails to sanitize data supplied to the
"page_id" parameter of the "page.php" script.
Ref: http://www.securityfocus.com/bid/45101
______________________________________________________________________

10.49.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MicroNetSoft RV Dealer Websites Multiple SQL Injection
Vulnerabilities
Description: MicroNetSoft RV Dealer Websites is an RV dealership
website implemented in ASP. MicroNetSoft RV Dealer Websites is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/45089
______________________________________________________________________

10.49.37 CVE: Not Available
Platform: Web Application
Title: MemHT Portal "User-Agent" HTTP Header HTML Injection
Description: MemHT Portal is a content manager. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the "User-Agent" HTTP Header in the
"inc/inc_getinfo.php" script. MemHT Portal version 4.0.1 is affected.
Ref: http://www.memht.com/news_149_MemHT-Portal-4-0-2.html
______________________________________________________________________

10.49.38 CVE: Not Available
Platform: Web Application
Title: DaDaBIK HTML Injection
Description: DaDaBIK is a PHP-based application that allows users to
create customizable front-end database interfaces. The module is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the "html content" content type field
or "rich_editor" field type field. DaDaBIK version 4.3 beta3 is
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=656756
______________________________________________________________________

10.49.39 CVE: Not Available
Platform: Web Application
Title: PHP Web Scripts Easy Banner Free Multiple SQL Injection and
HTML Injection Vulnerabilities
Description: Easy Banner is a banner exchange application. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied data. Easy Banner Free version
2009.05.18 is affected.
Ref: http://www.securityfocus.com/archive/1/514908
______________________________________________________________________

10.49.40 CVE: Not Available
Platform: Network Device
Title: D-Link DIR-300 WiFi Key Security Bypass Issue
Description: The D-Link DIR-300 is a wireless router. The D-Link
DIR-300 wireless router is exposed to a security bypass issue. This
issue occurs because the device allows unauthorized users to modify
the WiFi key.
Ref: http://www.securityfocus.com/bid/45038
______________________________________________________________________

(c) 2010. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization. For a free
subscription or to update a current subscription, visit
http://portal.sans.org/
