[Owasp-alabama] FW: @RISK: The Consensus Security Vulnerability Alert - Week 35 2009

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Thu Aug 27 13:45:48 EDT 2009


Thought you may find this interesting. There are several new APP based vulnerabilities in this report, along with Cisco and others.

 

JP

 

From: Qualys, Inc. [mailto:sans-qualys at qualys.com] 
Sent: Thursday, August 27, 2009 12:34 PM
To: pci at packetfocus.com
Subject: @RISK: The Consensus Security Vulnerability Alert - Week 35 2009

 

josh,

In partnership with SANS, Qualys is pleased to provide you with the @RISK 
Newsletter. This is a weekly newsletter that provides in-depth analysis of 
the latest vulnerabilities with straightforward remediation advice. Qualys 
supplies a large part of the newly-discovered vulnerability content used in 
this newsletter.  

*************************************************************************

            @RISK: The Consensus Security Vulnerability Alert

August 27, 2009                                           Vol. 8. Week 35

*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

 

Summary of Updates and Vulnerabilities in this Consensus

Platform                                    Number of Updates and Vulnerabilities
----------------------------------------    -------------------------------------
Other Microsoft Products                     1
Third Party Windows Apps                     4
Linux                                        4
BSD                                          2
Solaris                                      5
Cross Platform                              27 (#1, #2, #3, #4)
Web Application - Cross Site Scripting       8
Web Application - SQL Injection             19
Web Application                             14
Network Device                               3

 
*************************************************************************


Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

(1) CRITICAL: Autonomy KeyView Excel File Parsing Buffer Overflow Vulnerability

(2) HIGH: Google Chrome V8 JavaScript Engine Unauthorized Memory Read Vulnerability

(3) MODERATE: Symantec Altiris Deployment Solution Multiple Vulnerabilities

(4) MODERATE: Labtam ProFTP Vulnerability 'Welcome Message' Buffer Overflow Vulnerability


*************************************************************************

 

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

 

- -- Other Microsoft Products

09.35.1  - Microsoft Internet Explorer "li" Element Denial of Service

- -- Third Party Windows Apps

09.35.2  - Acer LunchApp ActiveX Control Remote Code Execution

09.35.3  - Avast! Antivirus Professional File System Filter Driver Buffer Overflow

09.35.4  - Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service

09.35.5  - Nokia Lotus Notes Connector "lnresobject.dll" Unspecified Remote Denial of Service

- -- Linux

09.35.6  - Linux Kernel with SELinux "mmap_min_addr" Low Memory NULL Pointer Dereference

09.35.7  - Linux Kernel "cmp_ies()" Remote Null Pointer Dereference

09.35.8  - Linux Kernel "udp_sendmsg()" MSG_MORE Flag Local Privilege Escalation

09.35.9  - Linux Kernel "net/llc/af_llc.c" Local Information Disclosure

- -- BSD

09.35.10 - FreeBSD "kevent()" Race Condition

09.35.11 - FreeBSD ftpd "setusercontext()" Remote Privilege Escalation

- -- Solaris

09.35.12 - Sun Virtual Desktop Infrastructure (VDI) Secure LDAP

09.35.13 - Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial of Service

09.35.14 - Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial of Service

09.35.15 - Sun Solaris pollwakeup(9F) Local Denial of Service

09.35.16 - Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service

- -- Cross Platform

09.35.17 - Blue Coat ProxySG Proxy Authentication Bypass

09.35.18 - Adobe JRun "logviewer.jsp" Directory Traversal

09.35.19 - Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities

09.35.20 - Adobe ColdFusion Session Fixation

09.35.21 - IBM DB2 Multiple Security Vulnerabilities

09.35.22 - Cisco IOS XR Invalid Border Gateway Protocol (BGP) Update Denial of Service

09.35.23 - Pidgin "msn_slplink_process_msg()" NULL Pointer Dereference Remote Code Execution

09.35.24 - ntop HTTP Basic Authentication NULL Pointer Dereference Denial of Service

09.35.25 - Computer Associates Internet Security Suite "vetmonnt.sys" Denial of Service

09.35.26 - Computer Associates Host-Based Intrusion Prevention System Remote Denial of Service

09.35.27 - Neon "ne_xml*" expat XML Parsing Denial of Service

09.35.28 - "Compress::Raw::Bzip2" Perl Module Remote Code Execution

09.35.29 - Kaspersky Products URI Parsing Denial of Service

09.35.30 - Cisco Firewall Services Module ICMP Packet Remote Denial of Service

09.35.31 - Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service

09.35.32 - Cisco IOS XR Long Length Border Gateway Protocol (BGP) Update Denial of Service

09.35.33 - Cisco IOS XR Border Gateway Protocol (BGP) Update AS Prepend Denial of Service

09.35.34 - Adobe ColdFusion Double-Encoded NULL Character Information Disclosure

09.35.35 - Expat UTF-8 Character XML Parsing Remote Denial of Service

09.35.36 - Cisco Security Monitoring Analysis and Response System Password Information Disclosure

09.35.37 - IBM AFS Client Denial of Service

09.35.38 - ProFTP "Welcome Message" Remote Buffer Overflow

09.35.39 - Cerberus FTP Server "ALLO" Command Buffer Overflow

09.35.40 - Autonomy KeyView Module Excel Document Processing Buffer Overflow

09.35.41 - Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure

09.35.42 - Cisco Lightweight Access Point Over The Air Manipulation Denial of Service

09.35.43 - Google Chrome V8 JavaScript Engine Remote Code Execution

- -- Web Application - Cross Site Scripting

09.35.44 - Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities

09.35.45 - Adobe ColdFusion Unspecified Cross-Site Scripting

09.35.46 - Computer Associates SiteMinder "%00" Cross-Site Scripting Protection Security Bypass

09.35.47 - Adobe Flex SDK "index.template.html" Cross-Site Scripting

09.35.48 - Computer Associates SiteMinder Unicode Cross-Site Scripting Protection Security Bypass

09.35.49 - Drupal Printer, e-mail and PDF versions Module Multiple Cross-Site Scripting Vulnerabilities

09.35.50 - Geeklog mycaljp Plugin Cross-Site Scripting

09.35.51 - FreeNAS Unspecified Cross-Site Scripting

- -- Web Application - SQL Injection

09.35.52 - Discuz! "2fly_gift.php" SQL Injection

09.35.53 - IBM WebSphere Partner Gateway Console SQL Injection

09.35.54 - Joomla! "com_content" Component "ItemID" Parameter SQL Injection

09.35.55 - AJ Auction Pro OOPD "store.php" SQL Injection

09.35.56 - Dreamlevels Dreampics Builder "exhibition_id" Parameter SQL Injection

09.35.57 - Agares Media Arcadem Pro "index.php" SQL Injection

09.35.58 - Subdreamer CMS Multiple SQL Injection Vulnerabilities

09.35.59 - SugarCRM Unspecified SQL Injection

09.35.60 - Joomla! "com_ninjamonial" Component "testimID" Parameter SQL Injection

09.35.61 - Joomla! Siirler Bileseni Component "sid" Parameter SQL Injection

09.35.62 - Turnkey Arcade Script "id" Parameter Browse SQL Injection

09.35.63 - TYPO3 AIRware Lexicon Extension Unspecified SQL Injection

09.35.64 - TYPO3 Car Extension Unspecified SQL Injection

09.35.65 - TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection

09.35.66 - TYPO3 Event Registration Extension Unspecified SQL Injection

09.35.67 - TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection

09.35.68 - TYPO3 t3m_affiliate Extension Unspecified SQL Injection

09.35.69 - TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection

09.35.70 - TYPO3 AJAX Chat Extension Unspecified SQL Injection

- -- Web Application

09.35.71 - Adobe ColdFusion Multiple HTML Injection Vulnerabilities

09.35.72 - DUWare DUgallery "admin/edit.asp" Authentication Bypass

09.35.73 - vtiger CRM Multiple Input Validation Vulnerabilities

09.35.74 - PHP-Lance Multiple Local File Include Vulnerabilities

09.35.75 - Drupal ImageCache Module Security Bypass and HTML Injection Vulnerabilities

09.35.76 - CuteFlow "pages/edituser.php" Security Bypass

09.35.77 - Feed Sidebar RSS Feed HTML Injection

09.35.78 - ScribeFire "<img>" tag HTML Injection

09.35.79 - Wizz RSS "<description>" tag HTML Injection

09.35.80 - Update Scanner "onerror" HTML Injection

09.35.81 - CoolPreviews Stack Preview Feature HTML Injection

09.35.82 - Joomla! jTips ("com_jtips") Component "season" Parameter SQL Injection

09.35.83 - Xerox WorkCentre LPD Requests Remote Denial of Service

09.35.84 - TYPO3 Commerce Extension Unspecified HTML Injection

- -- Network Device

09.35.85 - 2Wire Routers "password_required.html" Password Reset Security Bypass

09.35.86 - NetGear WNR2000 Multiple Information Disclosure Vulnerabilities

09.35.87 - NetGear WNR2000 "upg_restore.cgi" Authentication Bypass

______________________________________________________________________

 

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

 

*****************************

Widely Deployed Software

*****************************

 

(1) CRITICAL: Autonomy KeyView Excel File Parsing Buffer Overflow Vulnerability

Affected:

Autonomy KeyView Viewer SDK 10.x

Autonomy KeyView Filter SDK 10.x

Autonomy KeyView Export SDK 10.x

IBM Lotus Notes 8.5.x

IBM Lotus Notes 7.0.x

IBM Lotus Notes 6.5.x

IBM Lotus Notes 6.0.x

IBM Lotus Notes 5.0.x

Symantec Mail Security for SMTP 5.0.x

Symantec Mail Security for Microsoft Exchange 6.0.x

Symantec Mail Security for Microsoft Exchange 5.0.x

Symantec Mail Security for Domino 7.5.x

Symantec Mail Security for Domino 8.0

Symantec Mail Security Appliance 5.0.x

Symantec Data Loss Prevention Endpoint Agents 9.0.x

Symantec Data Loss Prevention Endpoint Agents 8.1.1

Symantec Data Loss Prevention Detection Servers for Windows 9.0.1

Symantec Data Loss Prevention Detection Servers for Windows 8.1.1

Symantec Data Loss Prevention Detection Servers for Linux 9.0.1

Symantec Data Loss Prevention Detection Servers for Linux 8.1.1

Symantec Data Loss Prevention Detection Servers 7.2

Symantec BrightMail Appliance 8.0.x

Symantec BrightMail Appliance 5.0

 

Description: Autonomy KeyView Software Developer's Kit (SDK) is a collection of many file parsing libraries and is used by many popular vendors such as Lotus Notes and Symantec. This SDK is used to automatically parse and display different document formats, one of which is the Microsoft Excel 97 format. A heap overflow vulnerability has been identified in Autonomy KeyView SDK while parsing a "Shared String Table (SST)" record within an Excel file. A specially crafted Excel file, when processed by an application using the vulnerable Autonomy KeyView SDK, will trigger the vulnerability. The specific flaw is caused by an integer overflow error within the KeyView XLS viewer "xlssr.dll". Successful exploitation might allow an attacker to execute arbitrary code with different privileges depending on the application that is using the vulnerable Autonomy KeyView SDK. In some products the attack vector will be via an email attachment with the user having to view the malicious file; however, in some cases file processing will take place automatically. Some technical details are publicly available for this vulnerability.

 

Status: Vendor confirmed, updates available.   

 

References:

iDefense Security Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=823

Symantec Security Advisory

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00

IBM Security Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21396492

Vendor Home Page

http://www.autonomy.com/content/Products/KeyView/index.en.html

SecurityFocus BID

http://www.securityfocus.com/bid/36042

 

*************************************************************

 

(2) HIGH: Google Chrome V8 JavaScript Engine Unauthorized Memory Read Vulnerability

Affected:

Google Chrome versions prior to 2.0.172.143

 

Description: Google Chrome, a web browser developed by Google, is the fourth most popular web browser with 2.59% usage share among all the web browsers. A vulnerability has been identified in Google Chrome, which can be triggered while parsing a specially crafted web page. The specific flaw is in the V8 JavaScript engine, Google's open source JavaScript engine, which might allow a specially crafted web page with JavaScript to bypass security checks and read restricted memory. Successful exploitation of this vulnerability might allow an attacker to disclose sensitive data or execute arbitrary code within the Google Chrome sandbox. Full technical details are publicly available via source code analysis.

 

Status: Vendor confirmed, updates available. 

 

References:

Google Chrome Security Release

http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

Wikipedia Article on Google Chrome

http://en.wikipedia.org/wiki/Google_Chrome 

Product Home Page

http://www.google.com/chrome

SecurityFocus BID

http://www.securityfocus.com/bid/36149

 

*************************************************************

 

(3) MODERATE: Symantec Altiris Deployment Solution Multiple Vulnerabilities

Affected:

Altiris Deployment Solution 6.x

 

Description: Symantec Altiris Deployment Solution is a software tool designed to manage operating system patches and deploy different software on servers, desktops, notebooks, etc. Multiple vulnerabilities have been identified in Symantec Altiris Deployment Solution which might result in privilege escalation, information disclosure, a denial-of-service condition and potential compromise of the client system. Some technical details are provided for these vulnerabilities.

 

Status: Vendor confirmed, updates available. 

 

References:

Symantec Security Advisory

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00

Product Home Page

http://www.altiris.com/products/deploymentsol/

SecurityFocus BIDs

http://www.securityfocus.com/bid/36110

http://www.securityfocus.com/bid/36111

http://www.securityfocus.com/bid/36112

http://www.securityfocus.com/bid/36113

 

************************************************************* 

 

(4) MODERATE: Labtam ProFTP Vulnerability 'Welcome Message' Buffer Overflow Vulnerability

Affected:

LabTam ProFTP 2.9

 

Description: LabTam ProFTP is a software tool consisting of client implementations of File Transfer Protocol (FTP) program and Trivial File Transfer Protocol (TFTP) program among other features. A buffer overflow vulnerability has been identified in Labtam ProFTP which could be triggered by a specially crafted message sent from a malicious FTP server. The specific flaw is a boundary error while processing long greeting messages sent by a server. Successful exploitation might allow an attacker to execute arbitrary code or cause a denial-of-service condition. The victim user will have to be tricked into connecting to the specially crafted FTP server. Full technical details are publicly available for this vulnerability.  

 

Status: Vendor confirmed, no updates available. 

 

References:

Proof-of-Concept

http://milw0rm.com/exploits/9508 

Product Home Page

http://www.labtam-inc.com/index.php?act=products&pid=1

SecurityFocus BID

http://www.securityfocus.com/bid/36128

 

*************************************************************  

 

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Week 35, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7394 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

______________________________________________________________________

 

09.35.1 CVE: Not Available

Platform: Other Microsoft Products

Title: Microsoft Internet Explorer "li" Element Denial of Service

Description: Microsoft Internet Explorer is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue that is triggered when script code sets the "value" attribute of an HTML "li" element that has not yet been added to the Document Object Model (DOM). Internet Explorer versions prior to 8 beta 2 are affected.

Ref: http://www.webmasterworld.com/javascript/3244709.htm

______________________________________________________________________

 

09.35.2 CVE: CVE-2009-2627

Platform: Third Party Windows Apps

Title: Acer LunchApp ActiveX Control Remote Code Execution

Description: Acer LunchApp is an ActiveX control. The LunchApp control AcerCtrls.APlunch is exposed to a remote code execution issue because it fails to restrict access to an unsafe "Run()" method. An attacker can exploit this issue to execute arbitrary code in the context of the application using the vulnerable ActiveX control.

Ref: http://www.kb.cert.org/vuls/id/485961

______________________________________________________________________

 

09.35.3 CVE: Not Available

Platform: Third Party Windows Apps

Title: Avast! Antivirus Professional File System Filter Driver Buffer Overflow

Description: Avast! is an antivirus application for Microsoft Windows. Avast! Antivirus Professional is exposed to a buffer overflow issue because it fails to adequately sanitize user-supplied data. This issue affects the "File System Filter" driver. Avast! Antivirus Professional version 4.8.1335 is affected.

Ref: http://www.securityfocus.com/bid/36115

______________________________________________________________________

 

09.35.4 CVE: Not Available

Platform: Third Party Windows Apps

Title: Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service

Description: Novell Client for Windows allows users to access Novell services from remote computers. The Novell Client ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects the "nwsetup.dll" library file. Novell Client version 4.91.5.1 is affected.

Ref: http://www.novell.com/products/clients/windows/xp2000/overview.html

______________________________________________________________________

 

09.35.5 CVE: Not Available

Platform: Third Party Windows Apps

Title: Nokia Lotus Notes Connector "lnresobject.dll" Unspecified Remote Denial of Service

Description: The Nokia Lotus Notes Connector "lnresobject.dll" ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects version 7.1.1.119 of the "lnresobject.dll" file. A successful attack allows the attacker to crash an application that is using the ActiveX control, denying further service to legitimate users.

Ref: http://support.microsoft.com/kb/240797

______________________________________________________________________

 

09.35.6 CVE: CVE-2009-2695

Platform: Linux

Title: Linux Kernel with SELinux "mmap_min_addr" Low Memory NULL Pointer Dereference

Description: The Linux kernel is exposed to a local NULL pointer dereference issue. Local attackers may leverage this issue on computers that have SELinux enabled to map low memory areas, even if "mmap_min_addr" restrictions are enabled. This issue occurs because the "allow_unconfined_mmap_low" boolean is not properly applied to "unconfined_t" domains. Linux kernel version 2.6.23 is affected.

Ref: http://kbase.redhat.com/faq/docs/DOC-18042

______________________________________________________________________

 

09.35.7 CVE: Not Available

Platform: Linux

Title: Linux Kernel "cmp_ies()" Remote Null Pointer Dereference

Description: The Linux Kernel is exposed to a remote NULL pointer dereference issue affecting the "cmp_ies()" function of the "net/wireless/scan.c" source code file. This issue can be triggered if a vulnerable computer scans and receives a malformed 802.11 beacon packet which does not contain an SSID IE, and then receives a second packet which does contain an SSID IE. Linux kernel versions from 2.6.30-rc1 through 2.6.30.4 are affected.

Ref: http://www.openwall.com/lists/oss-security/2009/08/17/2

______________________________________________________________________

 

09.35.8 CVE: CVE-2009-2698

Platform: Linux

Title: Linux Kernel "udp_sendmsg()" MSG_MORE Flag Local Privilege Escalation

Description: The Linux kernel is exposed to a local privilege escalation issue. This issue occurs in the "udp_sendmsg()" function and arises when the "MSG_MORE" flag on UDP sockets is handled. An attacker can exploit this issue to execute arbitrary code with elevated privileges, resulting in a complete compromise of the affected computer.

Ref: http://www.securityfocus.com/bid/36108

______________________________________________________________________

 

09.35.9 CVE: Not Available

Platform: Linux

Title: Linux Kernel "net/llc/af_llc.c" Local Information Disclosure

Description: The Linux kernel is exposed to a local information disclosure issue in the "llc_ui_getname()" function of the "net/llc/af_llc.c" source file. Specifically, this issue occurs because the software fails to properly clear the "sllc" data structure. Successful exploits will disclose a certain amount of kernel stack memory.

Ref: http://jon.oberheide.org/files/llc-getsockname-leak.c

______________________________________________________________________

 

09.35.10 CVE: Not Available

Platform: BSD

Title: FreeBSD "kevent()" Race Condition

Description: FreeBSD is exposed to a race condition issue in the "kevent()" system call resulting in a kernel mode NULL pointer dereference. Specifically, the issue can be exploited by spawning two threads, one thread with looping "open()" and "close()" system calls and the second thread with looping "kevent()" system call, to add an invalid file descriptor. FreeBSD 6.1 and prior are vulnerable.

Ref: http://www.securityfocus.com/archive/1/506010

______________________________________________________________________

 

09.35.11 CVE: Not Available

Platform: BSD

Title: FreeBSD ftpd "setusercontext()" Remote Privilege Escalation

Description: FreeBSD is a BSD-based operating system. ftpd is an FTP server application. ftpd is exposed to a remote privilege escalation issue. Specifically, the server calls the "setusercontext()" function in an unsafe manner. An authenticated user able to upload or write to a ".login_conf" configuration file may exploit this issue to set limits on the server process. FreeBSD versions 5.0 and 7.0 are affected.

Ref: http://isowarez.de/bsd-setusercontext.txt

______________________________________________________________________

 

09.35.12 CVE: Not Available

Platform: Solaris

Title: Sun Virtual Desktop Infrastructure (VDI) Secure LDAP

Description: Sun Virtual Desktop (VDI) Infrastructure Software is exposed to an issue that may allow attackers to obtain sensitive information. Attackers can exploit this issue to view client LDAP requests for VDI configuration data from insecure connections. Sun VDI 3.0 for SPARC and x86 platforms is affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

 

______________________________________________________________________

 

09.35.13 CVE: Not Available

Platform: Solaris

Title: Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial of Service

Description: Sun Solaris is a UNIX based operating system. Solaris is exposed to a local denial of service issue that exists in the Solaris kernel and occurs when interacting with the filesystem and virtual memory subsystems. Solaris 8, 9, 10 and OpenSolaris based upon builds snv_01 through snv_102 are affected for Sparc and x86 platforms.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-257848-1

 

______________________________________________________________________

 

09.35.14 CVE: Not Available

Platform: Solaris

Title: Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial of Service

Description: Sun Solaris is exposed to a local denial of service issue that affects the sendfile(3EXT) and sendfilev(3EXT) extended library functions. Local attackers may exploit this issue to panic a system, denying service to legitimate users.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258588-1

 

______________________________________________________________________

 

09.35.15 CVE: Not Available

Platform: Solaris

Title: Sun Solaris pollwakeup(9F) Local Denial of Service

Description: Sun Solaris is exposed to a local denial of service issue that affects the "pollwakeup(9F)" function. Local attackers may exploit this issue to panic a system, denying service to legitimate users. Solaris 10 and OpenSolaris builds snv_01 through snv_50 are affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265248-1

 

______________________________________________________________________

 

09.35.16 CVE: Not Available

Platform: Solaris

Title: Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service

Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a remote denial of service issue because of an error in the print service (in.lpd(1M)). Exploiting this issue allows attackers to cause the vulnerable system to become unresponsive, effectively denying service to legitimate users. Solaris 8 and 9 are affected.

Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264608-1

 

______________________________________________________________________

 

09.35.17 CVE: Not Available

Platform: Cross Platform

Title: Blue Coat ProxySG Proxy Authentication Bypass

Description: Blue Coat ProxySG is an enterprise proxy appliance. Blue Coat ProxySG is exposed to an authentication bypass vulnerability. Specifically, using a whitelisted domain in the referrer header of an HTTP request may allow attackers to access resources that would otherwise require proxy authentication. Blue Coat ProxySG version 8100 is affected.

Ref: http://www.securityfocus.com/bid/36045

______________________________________________________________________

 

09.35.18 CVE: CVE-2009-1873

Platform: Cross Platform

Title: Adobe JRun "logviewer.jsp" Directory Traversal

Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX, and Linux variants. The application is exposed to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input to the "logfile" parameter of the "logging/logviewer.jsp" script. Adobe JRun 4 Updater version 7 is affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.19 CVE: CVE-2009-1874

Platform: Cross Platform

Title: Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities

Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX and Linux variants. JRun is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input. JRun version 4.0 Updater 7 is affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.20 CVE: CVE-2009-1878

Platform: Cross Platform

Title: Adobe ColdFusion Session Fixation

Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. ColdFusion is exposed to a session fixation issue. Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application. ColdFusion versions 8.0.1 and earlier are affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.21 CVE: Not Available

Platform: Cross Platform

Title: IBM DB2 Multiple Security Vulnerabilities

Description: IBM DB2 is a database manager. The application is exposed to multiple remote issues. Successful exploitation of these issues may allow an attacker to bypass certain security restrictions or cause denial of service conditions. IBM DB2 versions prior to 8 FixPak 18 are affected.

Ref: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg24024075

______________________________________________________________________

 

09.35.22 CVE: CVE-2009-2055

Platform: Cross Platform

Title: Cisco IOS XR Invalid Border Gateway Protocol (BGP) Update Denial of Service

Description: Cisco IOS XR is exposed to a remote denial of service issue when receiving an invalid Border Gateway Protocol (BGP) update. An attacker can exploit this issue to cause an affected device to restart the peering session. The resulting peering session will flap until the sender ceases to send the invalid update.

Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

______________________________________________________________________

 

09.35.23 CVE: CVE-2009-2694

Platform: Cross Platform

Title: Pidgin "msn_slplink_process_msg()" NULL Pointer Dereference Remote Code Execution

Description: Pidgin is a multi-platform instant messaging client that supports multiple messaging protocols. Libpurple is a library used to provide instant-messaging functionality. The Libpurple library is exposed to a remote code execution issue caused by a NULL pointer dereference error. This issue occurs in the "msn_slplink_process_msg()" function when processing specially crafted SLP messages.

Ref: http://www.coresecurity.com/content/libpurple-arbitrary-write

______________________________________________________________________

 

09.35.24 CVE: CVE-2009-2732

Platform: Cross Platform

Title: ntop HTTP Basic Authentication NULL Pointer Dereference Denial of Service

Description: ntop is a network traffic analysis tool available for a number of operating systems. ntop includes an embedded web server used for remote administration. The embedded web server is exposed to a denial of service issue caused by a NULL pointer dereference. This issue occurs when the web server is configured to support HTTP Basic Authentication. ntop version 3.3.10 is affected.

Ref: http://www.securityfocus.com/archive/1/505876

______________________________________________________________________

 

09.35.25 CVE: CVE-2009-0682

Platform: Cross Platform

Title: Computer Associates Internet Security Suite "vetmonnt.sys"

Denial of Service

Description: Computer Associates Internet Security Suite is an

Internet security application. Internet Security Suite is exposed to a

denial of service issue because the application fails to sufficiently

sanitize user-supplied input to an IOCTL call before passing the data

to the "vetmonnt.sys" driver.

Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673

______________________________________________________________________

 

09.35.26 CVE: CVE-2009-2740

Platform: Cross Platform

Title: Computer Associates Host-Based Intrusion Prevention System

Remote Denial of Service

Description: Computer Associates Host-Based Intrusion Prevention

System is a firewall and IDS security application. Host-Based

Intrusion Prevention System is affected by a denial of service issue

because the application fails to properly handle malformed

user-supplied input. This issue occurs in the "kmxIds.sys" driver.

Host-Based Intrusion Prevention System version 8.1 is affected.

Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214665

______________________________________________________________________

 

09.35.27 CVE: CVE-2009-2473

Platform: Cross Platform

Title: Neon "ne_xml*" expat XML Parsing Denial of Service

Description: Neon is an HTTP and WebDAV client library. Neon is

exposed to a denial of service issue. Specifically, the issue affects

the expat XML parser in the "ne_xml_*" interface. An attacker may

exploit the issue via a crafted XML document or a malicious WebDAV

server. Neon versions prior to 0.28.6 are affected.

Ref: http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html

______________________________________________________________________

 

09.35.28 CVE: CVE-2009-1884

Platform: Cross Platform

Title: "Compress::Raw::Bzip2" Perl Module Remote Code Execution

Description: Perl is a multiplatform programming language. The

"Compress::Raw::Bzip2" module provides a low level interface to the

"bzip2" compression library. The "Compress::Raw::Bzip2" Perl module is

exposed to a remote code execution issue that is triggered when the

module is used to process compressed data. "Compress::Raw::Bzip2"

versions prior to 2.019 are affected.

Ref: http://bugs.gentoo.org/show_bug.cgi?id=281955

______________________________________________________________________

 

09.35.29 CVE: Not Available

Platform: Cross Platform

Title: Kaspersky Products URI Parsing Denial of Service

Description: Kaspersky products are exposed to a denial of service

issue. The issue presents itself when a vulnerable application parses

a specially crafted URI containing an excessive number of dots.

Reportedly the issue will cause the application to consume all

available CPU resources and become unresponsive.

Ref: http://securityreason.com/achievement_securityalert/66

______________________________________________________________________

 

09.35.30 CVE: CVE-2009-0638

Platform: Cross Platform

Title: Cisco Firewall Services Module ICMP Packet Remote Denial of

Service

Description: Cisco Firewall Services Module (FWSM) is a firewall

module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series

Routers. FWSM is exposed to a remote denial of service issue because

it fails to handle malformed ICMP packets.

Ref: http://www.securityfocus.com/archive/1/505926

______________________________________________________________________

 

09.35.31 CVE: CVE-2009-2855

Platform: Cross Platform

Title: Squid Web Proxy Cache Authentication Header Parsing Remote

Denial of Service

Description: Squid is an open source proxy server available for a

number of platforms. Squid is exposed to a remote denial of service

issue because the proxy server fails to properly parse certain

external authentication headers that contain comma delimiters. This

issue occurs in the "strListGetItem()" function in the

"src/HttpHeaderTools.c" source file. This issue requires that the

"external_acl_type" configuration option defining a different

delimiter than a comma is set.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=518182

______________________________________________________________________

 

09.35.32 CVE: CVE-2009-1154

Platform: Cross Platform

Title: Cisco IOS XR Long Length Border Gateway Protocol (BGP) Update

Denial of Service

Description: Cisco IOS XR is exposed to a remote denial of service

issue when sending an excessively large Border Gateway Protocol (BGP)

update. An attacker can exploit this issue to cause the BGP process to

crash, creating a denial of service condition.

Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

______________________________________________________________________

 

09.35.33 CVE: CVE-2009-2056

Platform: Cross Platform

Title: Cisco IOS XR Border Gateway Protocol (BGP) Update AS Prepend

Denial of Service

Description: Cisco IOS XR is exposed to a remote denial of service

issue when constructing a Border Gateway Protocol (BGP) update which

includes a large number of AS (autonomous system) prepends. An

attacker can exploit this issue to cause the BGP process to crash,

creating a denial of service condition.

Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

______________________________________________________________________

 

09.35.34 CVE: CVE-2009-1876

Platform: Cross Platform

Title: Adobe ColdFusion Double-Encoded NULL Character Information

Disclosure

Description: Adobe ColdFusion is an application for developing

websites. ColdFusion is exposed to an information disclosure issue

caused by a double-encoded NULL character. Attackers can exploit this

issue to obtain sensitive information. ColdFusion versions 8.0.1 and

earlier are affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.35 CVE: Not Available

Platform: Cross Platform

Title: Expat UTF-8 Character XML Parsing Remote Denial of Service

Description: Expat is a C library used for parsing XML documents. The

Expat library is exposed to a denial of service issue because it fails

to handle specially crafted XML data. Specifically, processing crafted

XML documents containing UTF-8 characters may result in the parser

entering an infinite loop. Expat version 2.0.1 is affected.

Ref: http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html

______________________________________________________________________

 

09.35.36 CVE: Not Available

Platform: Cross Platform

Title: Cisco Security Monitoring Analysis and Response System Password

Information Disclosure

Description: Cisco Security Monitoring, Analysis, and Response System

(MARS) is a security system that correlates and analyzes data in event

logs received from various network devices. The application is exposed

to a local information disclosure issue because log files created with

the "pnlog" utility contain multiple instances of passwords that the

application uses to connect to remote devices. Cisco Security MARS

versions 6.0.4 and earlier are vulnerable.

Ref: http://www.securityfocus.com/archive/1/505995

______________________________________________________________________

 

09.35.37 CVE: Not Available

Platform: Cross Platform

Title: IBM AFS Client Denial of Service

Description: IBM AFS client application for Linux is exposed to a

remote denial of service issue due to an unspecified error. Attackers

can exploit this issue to crash the application, denying service to

legitimate users. IBM AFS versions prior to 3.6 Patch 19 are affected.

Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21396389

______________________________________________________________________

 

09.35.38 CVE: Not Available

Platform: Cross Platform

Title: ProFTP "Welcome Message" Remote Buffer Overflow

Description: ProFTP is an FTP client application. ProFTP is exposed to

a remote buffer overflow issue because the application fails to

perform adequate boundary checks on user-supplied data. The

vulnerability occurs when handling a specially crafted welcome

message. ProFTP version 2.9 is affected.

Ref: http://www.securityfocus.com/bid/36128

______________________________________________________________________

 

09.35.39 CVE: Not Available

Platform: Cross Platform

Title: Cerberus FTP Server "ALLO" Command Buffer Overflow

Description: Cerberus FTP Server is an FTP server application for

Microsoft Windows platforms. The software is exposed to a buffer

overflow issue caused by a boundary error within the "ALLO" command.

Ref: http://www.securityfocus.com/bid/36134

______________________________________________________________________

 

09.35.40 CVE: Not Available

Platform: Cross Platform

Title: Autonomy KeyView Module Excel Document Processing Buffer

Overflow

Description: Autonomy KeyView is a component used in multiple

applications. It adds high-speed filtering, high-fidelity viewing, and

exporting of documents to web-ready HTML or valid XML. The KeyView

module is exposed to a buffer overflow issue because it fails to

perform adequate boundary checks on user-supplied data before copying

it to insufficiently sized buffers. This issue occurs in the KeyView

XLS file viewer ("xlssr.dll") when a user views a specially crafted

Microsoft Excel Spreadsheet (XLS) file attachment. Multiple products

using the KeyView module are affected.

Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00

______________________________________________________________________

 

09.35.41 CVE: Not Available

Platform: Cross Platform

Title: Lxlabs Kloxo Hosting Platform and HyperVM Local Information

Disclosure

Description: Kloxo Hosting Platform (formerly known as Lxadmin) is an

application for managing multiple websites, domains, and webservers. 

HyperVM is a virtualization management application. The applications

are exposed to a local information disclosure issue that occurs

because backup files created with the "Backup Home" feature are stored

with world-readable permissions. Kloxo Hosting Platform version 5.75

is affected.

Ref: http://www.securityfocus.com/archive/1/506085

______________________________________________________________________

 

09.35.42 CVE: Not Available

Platform: Cross Platform

Title: Cisco Lightweight Access Point Over The Air Manipulation Denial

of Service

Description: Cisco Lightweight Access Point is a configuration

management access point device. Cisco Lightweight Access Point is

exposed to a remote denial of service issue due to insufficient

protection during the wireless access point association sequence.

Specifically, the device can configure access points with a preferred

controller list that will bypass the OTAP provisioning process.

Ref: http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

______________________________________________________________________

 

09.35.43 CVE: CVE-2009-2935

Platform: Cross Platform

Title: Google Chrome V8 JavaScript Engine Remote Code Execution

Description: Google Chrome is a web browser. Chrome is exposed to a

remote code execution issue. Specifically, this issue arises when the

V8 JavaScript engine handles malformed JavaScript code. Malicious

JavaScript code may gain unauthorized access to memory allowing the

attacker to gain access to sensitive information and execute arbitrary

code in the Chrome sandbox. Chrome versions prior to 2.0.172.43 are

affected.

Ref: http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

______________________________________________________________________

 

09.35.44 CVE: CVE-2009-1875

Platform: Web Application - Cross Site Scripting

Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities

Description: Adobe ColdFusion is software for developing web

applications. Since the application fails to sufficiently sanitize

user-supplied input, it is exposed to multiple cross-site scripting

issues. The attacker could exploit these vulnerabilities to execute

arbitrary script code in the context of the affected website.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.45 CVE: CVE-2009-1877

Platform: Web Application - Cross Site Scripting

Title: Adobe ColdFusion Unspecified Cross-Site Scripting

Description: Adobe ColdFusion is an application for developing

websites; it is available for various operating systems. The

application is exposed to an unspecified cross-site scripting issue

because it fails to properly sanitize user-supplied input. ColdFusion

versions 8.0.1 and earlier are affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.46 CVE: CVE-2009-2704

Platform: Web Application - Cross Site Scripting

Title: Computer Associates SiteMinder "%00" Cross-Site Scripting

Protection Security Bypass

Description: Computer Associates SiteMinder (formerly Netegrity

SiteMinder) is a web access management application. SiteMinder is

exposed to a security bypass issue because it fails to properly

validate user-supplied URIs.

Ref: http://i8jesus.com/?p=55

______________________________________________________________________

 

09.35.47 CVE: CVE-2009-1879

Platform: Web Application - Cross Site Scripting

Title: Adobe Flex SDK "index.template.html" Cross-Site Scripting

Description: Adobe Flex SDK is a development framework for web

applications. Flex SDK is exposed to a cross-site scripting issue

because it fails to properly sanitize user-supplied input. An attacker

could exploit this vulnerability to execute arbitrary script code in

the context of a web application built using the SDK. Flex SDK

versions prior to 3.4 are affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-13.html

______________________________________________________________________

 

09.35.48 CVE: CVE-2009-2705

Platform: Web Application - Cross Site Scripting

Title: Computer Associates SiteMinder Unicode Cross-Site Scripting

Protection Security Bypass

Description: Computer Associates SiteMinder (formerly Netegrity

SiteMinder) is an application for managing access to web applications.

SiteMinder is exposed to a security bypass issue because it fails to

properly validate user-supplied URIs. Specifically, attackers can

bypass cross-site scripting protections for J2EE applications with a

request that substitutes blacklisted characters with noncanonical

overlong Unicode characters.

Ref: http://i8jesus.com/?p=55

______________________________________________________________________

 

09.35.49 CVE: Not Available

Platform: Web Application - Cross Site Scripting

Title: Drupal Printer, e-mail and PDF versions Module Multiple Cross-

Site Scripting Vulnerabilities

Description: Printer, e-mail and PDF versions is a Drupal module for

generating printer friendly versions of any node. The application is

exposed to multiple cross-site scripting issues because it fails to

sufficiently sanitize user-supplied data.

Ref: http://drupal.org/node/554448

______________________________________________________________________

 

09.35.50 CVE: Not Available

Platform: Web Application - Cross Site Scripting

Title: Geeklog mycaljp Plugin Cross-Site Scripting

Description: Geeklog is a web-based application. mycaljp is a plugin

for Geeklog. The application is exposed to a cross-site scripting

issue because it fails to sanitize user-supplied input to an

unspecified parameter. mycaljp versions prior to 2.0.7 are affected.

Ref: http://www.securityfocus.com/bid/36095

______________________________________________________________________

 

09.35.51 CVE: CVE-2009-2739

Platform: Web Application - Cross Site Scripting

Title: FreeNAS Unspecified Cross-Site Scripting

Description: FreeNAS is a network attached storage (NAS) server.

FreeNAS is exposed to a cross-site scripting issue because it fails to

sufficiently sanitize user-supplied data. An attacker may leverage

this issue to execute arbitrary script code in the browser of an

unsuspecting user in the context of the affected site. FreeNAS

versions prior to 0.69.2 are affected.

Ref: http://jvn.jp/en/jp/JVN89791790/index.html

______________________________________________________________________

 

09.35.52 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Discuz! "2fly_gift.php" SQL Injection

Description: Discuz! is a web-based application. The application is

exposed to an SQL injection issue because it fails to sufficiently

sanitize user-supplied data to the "gameid" parameter of the

"2fly_gift.php" script before using it in an SQL query. Discuz! version

6.0 is affected.

Ref: http://www.securityfocus.com/bid/36044

______________________________________________________________________

 

09.35.53 CVE: CVE-2009-2093

Platform: Web Application - SQL Injection

Title: IBM WebSphere Partner Gateway Console SQL Injection

Description: IBM WebSphere Partner Gateway (WPG) is a

business-to-business tool for use with WebSphere Application Server.

The application is exposed to an SQL injection issue because it fails

to sufficiently sanitize user-supplied data to an unspecified

parameter of the console before using it in an SQL query.

Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21382117

______________________________________________________________________

 

09.35.54 CVE: CVE-2008-6923

Platform: Web Application - SQL Injection

Title: Joomla! "com_content" Component "ItemID" Parameter SQL

Injection

Description: Joomla! is a PHP-based content management system. The

application is exposed to an SQL injection issue because it fails to

sufficiently sanitize user-supplied data to the "ItemID" parameter of

the "com_content" component before using it in an SQL query. Joomla!

version 1.0.0 is affected.

Ref: http://www.securityfocus.com/bid/36064

______________________________________________________________________

 

09.35.55 CVE: Not Available

Platform: Web Application - SQL Injection

Title: AJ Auction Pro OOPD "store.php" SQL Injection

Description: AJ Auction Pro OOPD is a web-based application. The

application is exposed to an SQL injection issue because it fails to

sufficiently sanitize user-supplied data to the "id" parameter of the

"store.php" script before using it in an SQL query. AJ Auction Pro

OOPD version 2.x is affected.

Ref: http://www.securityfocus.com/bid/36066

______________________________________________________________________

 

09.35.56 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Dreamlevels Dreampics Builder "exhibition_id" Parameter SQL

Injection

Description: Dreampics Builder is a PHP-based content manager and

photo/video gallery application. The application is exposed to an SQL

injection issue because it fails to sufficiently sanitize

user-supplied data to the "exhibition_id" parameter of the "index.php"

script before using it in an SQL query.

Ref: http://www.securityfocus.com/bid/36067

______________________________________________________________________

 

09.35.57 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Agares Media Arcadem Pro "index.php" SQL Injection

Description: Arcadem Pro is an arcade script. The application is

exposed to an SQL injection issue because it fails to properly

sanitize user-supplied input to the "article" parameter of the

"index.php" script before using it in an SQL query. Arcadem Pro

version 2.0 is affected.

Ref: http://www.securityfocus.com/bid/36069

______________________________________________________________________

 

09.35.58 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Subdreamer CMS Multiple SQL Injection Vulnerabilities

Description: Subdreamer CMS is a Web-based content manager. The

application is exposed to multiple SQL injection issues because it

fails to sufficiently sanitize user-supplied data to the following

scripts: "includes/usersystems/phpbb3.php" and

"includes/usersystems/ipb2.php". Subdreamer CMS versions prior to

2.5.3.3 are affected.

Ref: http://www.securityfocus.com/archive/1/505979

______________________________________________________________________

 

09.35.59 CVE: Not Available

Platform: Web Application - SQL Injection

Title: SugarCRM Unspecified SQL Injection

Description: SugarCRM is a PHP-based web application. The application

is exposed to an SQL injection issue because it fails to sufficiently

sanitize user-supplied data before using it in an SQL query. A

successful exploit may allow an attacker to compromise the

application, access or modify data, or exploit latent vulnerabilities

in the underlying database. SugarCRM versions prior to 5.2.0h,

5.0.0l, and 4.5.1p are affected.

Ref: http://www.sugarcrm.com/forums/showthread.php?t=50907

______________________________________________________________________

 

09.35.60 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Joomla! "com_ninjamonial" Component "testimID" Parameter SQL

Injection

Description: The "com_ninjamonial" component facilitates managing

testimonials from users for the Joomla! content manager. The

application is exposed to an SQL injection issue because it fails to

sufficiently sanitize user-supplied data to the "testimID" parameter

of the "com_ninjamonial" component before using it in an SQL query.

Ref: http://www.securityfocus.com/bid/36122

______________________________________________________________________

 

09.35.61 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Joomla! Siirler Bileseni Component "sid" Parameter SQL

Injection

Description: Siirler Bileseni is a component for the Joomla! content

manager. The application is exposed to an SQL injection issue because

it fails to sufficiently sanitize user-supplied data to the "sid"

parameter of the "com_siirler" component before using it in an SQL query.

Siirler Bileseni version 1.2 RC is affected.

Ref: http://www.securityfocus.com/bid/36127

______________________________________________________________________

 

09.35.62 CVE: Not Available

Platform: Web Application - SQL Injection

Title: Turnkey Arcade Script "id" Parameter Browse SQL Injection

Description: Turnkey Arcade Script is a PHP-based web application. The

application is exposed to an SQL injection issue because it fails to

sufficiently sanitize user-supplied data to the "id" parameter of the

"index.php" script when the "action" parameter is set to "browse"

before using it in an SQL query.

Ref: http://www.securityfocus.com/bid/36129

______________________________________________________________________

 

09.35.63 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 AIRware Lexicon Extension Unspecified SQL Injection

Description: AIRware Lexicon extension ("air_lexicon") is an extension

for the TYPO3 content manager. The extension is exposed to an SQL

injection issue because it fails to sufficiently sanitize input before

using it in an SQL query. AIRware Lexicon version 0.0.1 is affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.64 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 Car Extension Unspecified SQL Injection

Description: Car ("car") is an extension for the TYPO3 content

manager. The extension is exposed to an SQL injection issue because it

fails to sufficiently sanitize input before using it in an SQL query.

Car versions prior to 0.1.1 are affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.65 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection

Description: AST ZipCodeSearch ("ast_addresszipsearch") is an

extension for the TYPO3 content manager. The extension is exposed to

an SQL injection issue because it fails to sufficiently sanitize input

before using it in an SQL query. AST ZipCodeSearch version 0.5.4 is

affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.66 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 Event Registration Extension Unspecified SQL Injection

Description: Event Registration ("event_registr") is an extension for

the TYPO3 content manager. The extension is exposed to an SQL

injection issue because it fails to sufficiently sanitize input before

using it in an SQL query. Event Registration versions 1.0.0 and

earlier are affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.67 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 Solidbase Bannermanagement Extension Unspecified SQL

Injection

Description: Solidbase Bannermanagement ("SBbanner") is an extension

for the TYPO3 content manager. 

The extension is prone to an SQL injection vulnerability because it

fails to sufficiently sanitize input before using it in an SQL query.

Solidbase Bannermanagement versions 1.0.1 and earlier are affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.68 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 t3m_affiliate Extension Unspecified SQL Injection

Description: t3m_affiliate ("t3m_affiliate") is an extension for the

TYPO3 content manager. The extension is exposed to an SQL injection

issue because it fails to sufficiently sanitize input before using it

in an SQL query. t3m_affiliate versions 0.5.0 and earlier are

affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.69 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL

Injection

Description: T3M E-Mail Marketing Tool extension ('t3m') is an

extension for the TYPO3 content manager. The extension is exposed to

an SQL injection issue because it fails to sufficiently sanitize input

before using it in an SQL query. T3M E-Mail Marketing Tool versions

0.2.4 and earlier are affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012/

______________________________________________________________________

 

09.35.70 CVE: Not Available

Platform: Web Application - SQL Injection

Title: TYPO3 AJAX Chat Extension Unspecified SQL Injection

Description: AJAX Chat ("vjchat") is an extension for the TYPO3

content manager. The extension is exposed to an SQL injection issue

because it fails to sufficiently sanitize input before using it in an

SQL query. AJAX Chat versions prior to 0.3.3 are affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

______________________________________________________________________

 

09.35.71 CVE: CVE-2009-1872

Platform: Web Application

Title: Adobe ColdFusion Multiple HTML Injection Vulnerabilities

Description: Adobe ColdFusion is an application for developing

websites; it is available for various operating systems. The

application is exposed to multiple HTML injection issues because it

fails to properly sanitize user-supplied input before using it in

dynamically generated content. Adobe ColdFusion version 8 is affected.

Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

______________________________________________________________________

 

09.35.72 CVE: Not Available

Platform: Web Application

Title: DUWare DUgallery "admin/edit.asp" Authentication Bypass

Description: DUgallery is a web-based image gallery application

implemented in ASP. The application is exposed to an

authentication bypass vulnerability. This issue occurs because the

application fails to properly restrict access to the

"Accessories/admin/edit.asp" script when the "iPic" parameter is set

to arbitrary values. DUgallery version 3.0 is affected.

Ref: http://www.securityfocus.com/archive/1/505802

______________________________________________________________________

 

09.35.73 CVE: Not Available

Platform: Web Application

Title: vtiger CRM Multiple Input Validation Vulnerabilities

Description: vtiger CRM is a PHP-based Customer Relationship

Management application. The application is exposed to multiple issues

because it fails to sanitize user-supplied input. Attackers can

exploit these issues to execute arbitrary script code within the

context of the webserver, perform unauthorized actions, compromise the

affected application, steal cookie-based authentication credentials or

obtain information that could aid in further attacks. vtiger CRM

version 5.0.4 is affected.

Ref: http://www.securityfocus.com/archive/1/505834

______________________________________________________________________

 

09.35.74 CVE: Not Available

Platform: Web Application

Title: PHP-Lance Multiple Local File Include Vulnerabilities

Description: PHP-Lance is a PHP-based freelance application. The

application is exposed to multiple local file include issues because

it fails to properly sanitize user-supplied input. The attacker can

exploit these issues to execute arbitrary local script code. This can

allow the attacker to obtain sensitive information that may aid in

further attacks. PHP-Lance version 1.52 is affected.

Ref: http://www.securityfocus.com/bid/36065

______________________________________________________________________

 

09.35.75 CVE: Not Available

Platform: Web Application

Title: Drupal ImageCache Module Security Bypass and HTML Injection

Vulnerabilities

Description: ImageCache is a module for setting image processing

presets for the Drupal content manager. The application is exposed to

multiple issues because it fails to sanitize user-supplied input.

ImageCache versions prior to 5.x-2.5 and 6.x-2.0-beta10 are affected.

Ref: http://drupal.org/node/554084

______________________________________________________________________

 

09.35.76 CVE: Not Available

Platform: Web Application

Title: CuteFlow "pages/edituser.php" Security Bypass

Description: CuteFlow is a PHP-based web application. The application

is exposed to a security bypass issue because it fails to restrict

access to the "pages/edituser.php" script. CuteFlow version 2.10.3 is

affected.

Ref: http://www.securityfocus.com/archive/1/506000

______________________________________________________________________

 

09.35.77 CVE: Not Available

Platform: Web Application

Title: Feed Sidebar RSS Feed HTML Injection

Description: Feed Sidebar is an RSS feed reader extension for Mozilla

Firefox. Feed Sidebar is exposed to an HTML injection issue because it

fails to properly sanitize user-supplied input before using it in

dynamically generated content. Specifically, it fails to properly

sanitize the data in the "<description>" tags. Feed Sidebar versions

prior to 3.2 are affected.

Ref: http://www.securityfocus.com/archive/1/506029

______________________________________________________________________

 

09.35.78 CVE: Not Available

Platform: Web Application

Title: ScribeFire "<img>" tag HTML Injection

Description: ScribeFire is an extension for Mozilla Firefox used to

post blogs. Feed Sidebar is exposed to an HTML injection issue because

it fails to properly sanitize user-supplied input before using it in

dynamically generated content. Specifically, it fails to properly

sanitize the "onLoad" parameter in the "<img>" tag. ScribeFire 

versions prior to 3.4.2 are affected.

Ref: http://www.securityfocus.com/archive/1/506030

______________________________________________________________________

 

09.35.79 CVE: Not Available

Platform: Web Application

Title: Wizz RSS "<description>" tag HTML Injection

Description: Wizz RSS is a feeds reader extension for Mozilla Firefox.

Wizz RSS is exposed to an HTML injection issue because it fails to

properly sanitize user-supplied input before using it in dynamically

generated content. Specifically, it fails to properly sanitize the

data in the "<description>" tag. Wizz RSS versions prior to 3.4.2 and

Wizz RSS Lite version 3.0.0.9b are affected.

Ref: http://www.securityfocus.com/archive/1/506033

______________________________________________________________________

 

09.35.80 CVE: Not Available

Platform: Web Application

Title: Update Scanner "onerror" HTML Injection

Description: Update Scanner is an extension for Mozilla Firefox that

monitors web pages for updates. Update Scanner is exposed to an HTML

injection issue because it fails to properly sanitize user-supplied

input before using it in dynamically generated content. Specifically,

it fails to properly sanitize the data in the "onerror" event handler.

Update Scanner versions prior to 3.0.4 are affected.

Ref: http://www.securityfocus.com/archive/1/506036

______________________________________________________________________

 

09.35.81 CVE: Not Available

Platform: Web Application

Title: CoolPreviews Stack Preview Feature HTML Injection

Description: CoolPreviews is an extension for Mozilla Firefox that

previews links and images via mouseover. CoolPreviews is exposed to an

HTML injection issue because it fails to properly sanitize

user-supplied input before using it in dynamically generated content.

Specifically, this issue affects the extension's "Stack Preview"

feature. CoolPreviews versions prior to 2.7.4 are affected.

Ref: http://www.securityfocus.com/archive/1/506015

______________________________________________________________________

 

09.35.82 CVE: Not Available

Platform: Web Application

Title: Joomla! jTips ("com_jtips") Component "season" Parameter SQL

Injection

Description: The jTips "com_jtips" component facilitates customized

competitions for a site built with the Joomla! content manager. The

application is exposed to an SQL injection issue because it fails to

sufficiently sanitize user-supplied data to the "season" parameter of

the "com_jtips" component before using it in an SQL query.

Ref: http://www.securityfocus.com/bid/36123

______________________________________________________________________

 

09.35.83 CVE: Not Available

Platform: Web Application

Title: Xerox WorkCentre LPD Requests Remote Denial of Service

Description: Xerox WorkCentre is a web-capable printer and

photocopier. WorkCentre is exposed to a remote denial of service issue

that occurs when the device handles LPD requests containing an

excessively large queue name length. An attacker can exploit this

issue to cause the affected device to stop responding, denying service

to legitimate users.

Ref: http://www.securityfocus.com/archive/1/506066

______________________________________________________________________

 

09.35.84 CVE: Not Available

Platform: Web Application

Title: TYPO3 Commerce Extension Unspecified HTML Injection

Description: Commerce is an e-commerce extension for the TYPO3 content

manager. The application is exposed to an HTML injection issue because

it fails to properly sanitize user-supplied input. Commerce version

0.9.8 is affected.

Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/

______________________________________________________________________

 

09.35.85 CVE: Not Available

Platform: Network Device

Title: 2Wire Routers "password_required.html" Password Reset Security

Bypass

Description: 2Wire routers are network devices designed for home and

small-office setups. Multiple 2Wire routers are exposed to a security

bypass issue because they fail to adequately authenticate users before

performing certain actions. Specifically, attackers can change

administrative passwords via the "setup/password_required.html"

script.

Ref: http://www.securityfocus.com/bid/36075

______________________________________________________________________

 

09.35.86 CVE: Not Available

Platform: Network Device

Title: NetGear WNR2000 Multiple Information Disclosure Vulnerabilities

Description: The NetGear WNR2000 is a wireless access point. The

device is exposed to multiple remote information disclosure issues

because it fails to restrict access to sensitive information. A remote

attacker can exploit these issues to obtain sensitive information,

possibly aiding in further attacks. The WNR2000 with firmware version

1.2.0.8 is affected.

Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

______________________________________________________________________

 

09.35.87 CVE: Not Available

Platform: Network Device

Title: NetGear WNR2000 "upg_restore.cgi" Authentication Bypass

Description: The NetGear WNR2000 is a Wi-Fi networking router. The

device is exposed to an authentication bypass issue because of a lack

of authentication when users access the "upg_restore.cgi" CGI

application. Specifically, remote attackers may use this script to

upload a new configuration via an HTTP POST request. NetGear WNR2000

running firmware version 1.2.0.8 is affected.

Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

______________________________________________________________________

 

(c) 2009.  All rights reserved.  The information contained in this

newsletter, including any external links, is provided "AS IS," with no

express or implied warranty, for informational purposes only.  In some

cases, copyright for material in this newsletter may be held by a

party other than Qualys (as indicated herein) and permission to use

such material must be requested from the copyright owner.

 

--END-- 
