@RISK: The Consensus Security Alert http://www.sans.org/newsletters/risk/display.php All Updates From Vol: 9 - Issue: 6 en-us (C) SANS Institute 2010 webmaster@sans.org SANS RSS Feed http://www.sans.org/images/rss_logo.gif http://www.sans.org/newsletters/risk/display.php SANS 2009 http://www.sans.org/info/35964/ http://www.sans.org/info/35964/ More than 35 courses, SANS top instructors, all in one great place! SANS 2009 is being held in Orlando, FL on March 2-9. Register today! (1) HIGH: Apple iPhone and Apple iPod Touch Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely1 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely1 Category: Widely Deployed Software

Affected:

  • iPhone OS 3.1.3
  • iPhone OS 3.1.3 for iPod touch

]]> (2) HIGH: IBM DB2 Buffer Overflow and Denial of Service Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely2 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely2 Category: Widely Deployed Software

Affected:

  • IBM DB2 version 9.7 and prior

]]> (3) MODERATE: Apache mod_proxy Integer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely3 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely3 Category: Widely Deployed Software

Affected:

  • Apache 1.3.x

]]> (4) MODERATE: Multiple Hitachi Products Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely4 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely4 Category: Widely Deployed Software

Affected:

  • Cosminexus Version 8
  • Cosminexus Version 7
  • Cosminexus Version 6.x
  • Cosminexus Version 5
  • Cosminexus Version 4
  • uCosminexus Navigation Platform(*2)
  • uCosminexus Navigation Platform - User License(*2)
  • uCosminexus Navigation Platform - Authoring License(*2)
  • uCosminexus Navigation Developer(*2)
  • Electronic Form Workflow Set(*2)
  • Electronic Form Workflow - Professional Set(*2)
  • Electronic Form Workflow - Developer Set(*2)
  • Electronic Form Workflow - Standard Set(*2)
  • Electronic Form Workflow - Professional Library Set(*2)
  • Electronic Form Workflow - Developer Client Set(*2)
  • uCosminexus Collaboration - Server(*2)
  • Groupmax Collaboration - Server(*2)
  • uCosminexus/OpenTP1 Web Front-end Set(*2)
  • Cosminexus/OpenTP1 Web Front-end Set(*2)
  • uCosminexus Portal Framework Entry Set(*3)
  • Cosminexus/OpenTP1 Web Front-end Set
  • Electronic Form Workflow 7.x
  • Groupmax Collaboration - Server
  • Hitachi Developer's Kit for Java
  • Hitachi Electronic Form Workflow 6.x
  • Hitachi Processing Kit for XML

]]> (5) MODERATE: yaSSL Certificate handling Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely5 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely5 Category: Widely Deployed Software

Affected:

  • yaSSL Library 1.x

]]> (6) MODERATE: Wireshark Multiple Buffer Overflow Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely6 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely6 Category: Widely Deployed Software

Affected:

  • Wireshark 1.x

]]> (7) MODERATE: Ingres Database Buffer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely7 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely7 Category: Widely Deployed Software

Affected:

  • Ingres Database 9.3 and prior

]]> (8) LOW: IRCD-Hybrid and ircd-ratbox Integer Underflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely8 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#widely8 Category: Widely Deployed Software

Affected:

  • ircd-ratbox 2.2.x
  • ircd-ratbox 2.0 rc7
  • ircd-ratbox 2.0 rc6
  • ircd-hybrid 7.x

]]> 10.6.9 OpenBSD "ptrace()" Local Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.9 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.9 CVEs: CVE: Not Available

Platform: BSD

]]> 10.6.11 IBM DB2 "REPEAT()" Heap Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.11 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.11 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.12 IRCD-Hybrid and ircd-ratbox "LINKS" Command Remote Integer Underflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.12 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.12 CVEs: CVE: CVE-2009-4016

Platform: Cross Platform

]]> 10.6.13 ircd-ratbox "HELP" Command Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.13 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.13 CVEs: CVE: CVE-2010-0300

Platform: Cross Platform

]]> 10.6.14 HP OpenView Storage Data Protector Unspecified Remote Unauthorized Access http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.14 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.14 CVEs: CVE: CVE-2009-4183

Platform: Cross Platform

]]> 10.6.15 Cisco Unified MeetingPlace Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.15 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.15 CVEs: CVE: CVE-2010-0139, CVE-2010-0140, CVE-2010-0141,CVE-2010-0142

Platform: Cross Platform

]]> 10.6.16 Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.16 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.16 CVEs: CVE: CVE-2010-0010

Platform: Cross Platform

]]> 10.6.17 sudosh3 "replay.c" Multiple Buffer Overflow Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.17 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.17 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.18 PostgreSQL "bitsubstr" Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.18 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.18 CVEs: CVE: CVE-2010-0442

Platform: Cross Platform

]]> 10.6.19 FUSE "fusermount" Race Condition http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.19 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.19 CVEs: CVE: CVE-2009-3297

Platform: Cross Platform

]]> 10.6.20 GNU Mailman Unspecified Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.20 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.20 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.21 Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.21 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.21 CVEs: CVE: CVE-2010-0304

Platform: Cross Platform

]]> 10.6.22 Symantec Altiris Notification Server Static Encryption Key Unauthorized Access http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.22 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.22 CVEs: CVE: CVE-2009-3035

Platform: Cross Platform

]]> 10.6.23 ZABBIX "node_process_command()" Remote Command Execution http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.23 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.23 CVEs: CVE: CVE-2009-4998

Platform: Cross Platform

]]> 10.6.24 Samba "mount.cifs" Utility Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.24 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.24 CVEs: CVE: CVE-2009-3297

Platform: Cross Platform

]]> 10.6.25 Libpurple MSN Protocol "slp.c" Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.25 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.25 CVEs: CVE: CVE-2010-0227

Platform: Cross Platform

]]> 10.6.26 Sun Java System Application Server HTTP TRACE Information Disclosure http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.26 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.26 CVEs: CVE: CVE-2010-0386

Platform: Cross Platform

]]> 10.6.27 Hitachi Multiple Products Image File Parsing Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.27 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.27 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.28 Ingres Database Heap Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.28 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.28 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.29 SQLite "SQLITE_SECURE_DELETE" Local Information Disclosure http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.29 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.29 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.30 ejabberd "client2server" Message Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.30 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.30 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.31 Hybserv2 ":help" Command Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.31 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.31 CVEs: CVE: CVE-2010-0303

Platform: Cross Platform

]]> 10.6.32 Adobe ColdFusion Solr Service Information Disclosure http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.32 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.32 CVEs: CVE: CVE-2010-0185

Platform: Cross Platform

]]> 10.6.33 bitfolge snif Remote File Disclosure http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.33 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.33 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.34 IBM DB2 "kuddb2" Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.34 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.34 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.35 Oracle Times Ten In-Memory Database Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.35 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.35 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.36 C++ Sockets Library HTTP Headers Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.36 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.36 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.37 lighttpd Slow Request Handling Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.37 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.37 CVEs: CVE: CVE-2010-0295

Platform: Cross Platform

]]> 10.6.38 MySQL "sql/sql_table.cc" CREATE TABLE Security Bypass http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.38 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.38 CVEs: CVE: CVE-2008-7247

Platform: Cross Platform

]]> 10.6.39 Asterisk T.38 "FaxMaxDatagram" Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.39 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.39 CVEs: CVE: CVE-2010-0441

Platform: Cross Platform

]]> 10.6.40 HP OpenVMS RMS Patch Kit Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.40 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.40 CVEs: CVE: CVE-2010-0443

Platform: Cross Platform

]]> 10.6.41 Citrix XenServer Authentication Bypass http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.41 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.41 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 10.6.8 HP Enterprise Cluster Master Toolkit Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.8 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.8 CVEs: CVE: CVE-2009-4184

Platform: HP-UX

]]> 10.6.4 Debian Lintian Multiple Local Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.4 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.4 CVEs: CVE: CVE-2009-4013, CVE-2009-4014, CVE-2009-4015

Platform: Linux

]]> 10.6.5 Battery Life Toolkit "bltk_sudo" Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.5 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.5 CVEs: CVE: Not Available

Platform: Linux

]]> 10.6.6 Linux Kernel 64bit Personality Handling Local Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.6 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.6 CVEs: CVE: Not Available

Platform: Linux

]]> 10.6.7 Linux Kernel KVM "pit_ioport_read()" Local Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.7 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.7 CVEs: CVE: Not Available

Platform: Linux

]]> 10.6.10 Sun Solaris "CODE_GET_VERSION IOCTL" Local Denial of Service http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.10 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.10 CVEs: CVE: Not Available

Platform: Solaris

]]> 10.6.1 Vermillion FTP Daemon "Port" Command Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.1 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.1 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 10.6.2 Corel Paint Shop Pro Photo X2 "FPX" File Heap Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.2 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.2 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 10.6.3 360.cn Qihoo 360 Security Guard "bregdrv.sys" Edit Registry Local Privilege Escalation http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.3 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.3 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 10.6.64 Drupal Author Contact Module "block" HTML Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.64 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.64 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.65 Drupal Feedback 2 Module User Agent String HTML Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.65 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.65 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.66 Joomla! "com_ccnewsletter" Component Directory Traversal http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.66 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.66 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.67 XAMPP "showcode.php" Local File Include http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.67 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.67 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.68 Maian Greetings Arbitrary File Upload http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.68 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.68 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.69 Xerox WorkCentre PJL Daemon Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.69 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.69 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.70 Joomla! "com_jeeventcalendar" Component "event_id" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.70 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.70 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.71 MoinMoin Unspecified Security http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.71 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.71 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.72 Drupal MP3 Player MP3 Filename HTML Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.72 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.72 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.73 TYPO3 T3Blog HTML Forms Cross-Site Scripting and SQL Injection Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.73 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.73 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.74 Joomla! AutartiTarot Component Directory Traversal http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.74 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.74 CVEs: CVE: Not Available

Platform: Web Application

]]> 10.6.75 RoundCube Webmail DNS prefetching Domain Name Information Disclosure http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.75 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.75 CVEs: CVE: CVE-2010-0464

Platform: Web Application

]]> 10.6.42 HP System Management Homepage "servercert" Parameter Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.42 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.42 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.43 SAP BusinessObjects URI Redirection and Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.43 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.43 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.44 Discuz! "tid" Parameter Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.44 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.44 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.45 CommonSpot Server "utilities/longproc.cfm" Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.45 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.45 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.46 XAMPP Multiple Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.46 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.46 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.47 Comtrend CT-507 IT ADSL Router "scvrtsrv.cmd" Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.47 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.47 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.48 Cisco Secure Desktop "translation" Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.48 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.48 CVEs: CVE: CVE-2010-0440

Platform: Web Application - Cross Site Scripting

]]> 10.6.49 WebCalendar Multiple Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.49 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.49 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 10.6.50 NovaBoard "forums" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.50 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.50 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.51 jVideoDirect Component for Joomla! "v" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.51 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.51 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.52 XAMPP Multiple SQL Injection Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.52 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.52 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.53 OCS Inventory NG Server "login" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.53 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.53 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.54 Joomla! "com_rsgallery2" Component "catid" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.54 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.54 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.55 Joomla! "com_simplefaq" Component "catid" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.55 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.55 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.56 Joomla! "com_dms" Component "category_id" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.56 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.56 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.57 Evernew Free Joke Script "id" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.57 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.57 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.58 Joomla! "com_yelp" Component "cid" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.58 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.58 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.59 Joomla! Documents Seller Component "category_id" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.59 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.59 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.60 Joomla! "com_job" Component "id_job" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.60 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.60 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.61 Joomla! JE Quiz Component "eid" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.61 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.61 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.62 Joomla! "com_gambling" Component "gamblingEvent" Parameter SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.62 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.62 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 10.6.63 Joomla! JEvents Search Plug-in "eventsearch.php" SQL Injection http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.63 http://www.sans.org/newsletters/risk/display.php?v=9&i=6&rss=Y#10.6.63 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]>