References: <2011101328632.QJT80256_at_mass1a.sans.org>
Message-ID: <1318546420.9625.YahooMailNeo_at_web43407.mail.sp1.yahoo.com>
Date: Thu, 13 Oct 2011 15:53:40 -0700 (PDT)
From: Edith Dinn <edit..._at_yahoo.com>
Reply-To: Edith Dinn <edit..._at_yahoo.com>
Subject: Fw: @RISK: The Consensus Security Vulnerability Alert Week 42 2011
To: "tscm-..._at_googlegroups.com" <tscm-..._at_googlegroups.com>
In-Reply-To: <2011101328632.QJT80256_at_mass1a.sans.org>
----- Forwarded Message -----
From: The SANS Institute <ConsensusSecurity..._at_sans.org>
To: edit..._at_yahoo.com
Sent: Thursday, October 13, 2011 2:26 PM
Subject: @RISK: The Consensus Security Vulnerability Alert Week 42 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________
         @RISK: The Consensus Security Vulnerability Alert
                            Week 42 2011
______________________________________________________________________
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
--------------------------------------    -------------------------------------
Windows                                   3 (#1)
Other Microsoft Products                  5
Third Party Windows Apps                  2
Aix                                       1
Cross Platform                            4 (#2)
Web Application - Cross Site Scripting    2
Web Application - SQL Injection           2
Web Application                           5
Hardware                                  2
**************************************************************************
TRAINING UPDATE
--SANS Chicago 2011, Chicago, IL, October 23-28, 2011
6 courses. Bonus evening presentations include Computer Forensics in
the Virtual Realm and Electrical Grid Security
http://www.sans.org/chicago-2011/
--SANS Seattle 2011, Seattle, WA, November 2-7, 2011
5 courses. Bonus evening presentations include Future Trends in
Network Security; and Ninja Developers: Penetration Testing and Your SDLC
http://www.sans.org/seattle-2011/
--SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011
6 courses. Bonus evening presentations include The Worst Mistakes in
Cloud Computing Security; Offensive Countermeasures; and Watching the
Wire at Home
http://www.sans.org/san-francisco-2011/
--EURO SCADA & Process Control System Security Summit, Rome, Dec 1-2, 2011
Gain the most current information regarding SCADA and Control System
threats and learn how to best prepare to defend against them.
http://www.sans.org/eu-scada-2011/
--SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011
7 courses. Bonus evening presentations include Effective Methods for
Implementing the 20 Critical Security Controls; and Assessing
Deception: Are They Lying to You?
http://www.sans.org/san-antonio-2011/
--SANS London 2011, London, UK, December 3-12, 2011
16 courses. Bonus evening presentations include IPv6 Challenges for
Intrusion Detection and Understanding How Attackers Bypass Network and
Content Restrictions.
http://www.sans.org/london-2011/
--SANS CDI 2011, Washington, DC, December 9-16, 2011
27 courses. Bonus evening presentations include Emerging Trends in
Data Law and Investigations, and Critical Infrastructure Control
Systems Cybersecurity.
http://www.sans.org/cyber-defense-initiative-2011/
--SANS Security East 2012, New Orleans, LA January 17-26, 2012
11 courses. Bonus evening presentations include Advanced VoIP Pen
Testing: Current Threats and Methods; and Helping Small Businesses
with Security.
http://www.sans.org/security-east-2012/
--Looking for training in your own community?
http://sans.org/community/
--Save on On-Demand training (30 full courses) - See samples at
http://www.sans.org/ondemand/discounts.php#current
Plus Seoul, Sydney, Tokyo, and Rome all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org
**************************************************************************
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: Microsoft Products Multiple Security Vulnerabilities
(2) HIGH: Apple iTunes Multiple Security Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
-- Windows
11.42.1  - Microsoft Active Accessibility Remote Code Execution
11.42.2  - Microsoft Windows Kernel Mode Drivers Remote Code Execution
11.42.3  - Microsoft Ancillary Function Driver Elevation of Privileges
-- Other Microsoft Products
11.42.4  - Microsoft .NET Framework and Silverlight Remote Code Execution
11.42.5  - Microsoft Host Integration Server Remote Denial of Service
11.42.6  - Microsoft Forefront Unified Access Gateway Multiple Remote Issues
11.42.7  - Microsoft Windows Media Center Remote Code Execution
11.42.8  - Microsoft Internet Explorer Cumulative Security Update
-- Third Party Windows Apps
11.42.9  - IBM Rational AppScan Remote Command Execution Vulnerabilities
11.42.10 - Autonomy KeyView Filter "jtdsr.dll" Multiple Buffer Overflow Vulnerabilities
-- Aix
11.42.11 - IBM AIX Fibre Channel Driver QLogic Local Denial of Service
-- Cross Platform
11.42.12 - Apache HTTP Server "mod_proxy" Reverse Proxy Information Disclosure
11.42.13 - Real Networks RealPlayer Cross-Zone Scripting
11.42.14 - VLC Media Player "httpd_ClientRecv()" Heap-Based Buffer Overflow
11.42.15 - Apple iTunes Multiple Vulnerabilities
-- Web Application - Cross Site Scripting
11.42.16 - JAKCMS "userpost" Parameter Cross-Site Scripting
11.42.17 - SilverStripe Multiple Cross-Site Scripting
-- Web Application - SQL Injection
11.42.18 - vtiger CRM "onlyforuser" Parameter SQL Injection
11.42.19 - NexusPHP "thanks.php" SQL Injection
-- Web Application
11.42.20 - XOOPS HTML Injection and Cross-Site Scripting Vulnerabilities
11.42.21 - Movable Type A-Form Plugins Cross-Site Scripting and Unspecified Security Vulnerabilities
11.42.22 - Jaws Multiple Remote File Include Vulnerabilities
11.42.23 - KaiBB SQL Injection and Cross-Site Scripting Vulnerabilities
11.42.24 - ZOHO ManageEngine ADSelfService Plus Authentication Bypass
-- Hardware
11.42.25 - Xerox ColorQube Unspecified Authentication Bypass
11.42.26 - D-Link DIR-685 Encryption Failure Authentication Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process
*************************************************************
(1) HIGH: Microsoft Products Multiple Security Vulnerabilities
Affected:
Microsoft Forefront Unified Access Gateway 2010
Microsoft Internet Explorer 7, 8, and 9
Microsoft .NET Framework 1.0, 1.1, 2.0, 4
Microsoft Silverlight 4
Description: As part of its Microsoft Tuesday program, Microsoft has
released patches for multiple products. The vulnerabilities include a
signed Java applet in Microsoft Forefront Unified Access Gateway that
can be used by attackers for code execution, several memory safety
vulnerabilities in Internet Explorer, and an input validation
vulnerability in Silverlight and the .NET Framework. By enticing a
target to view a malicious site, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on the target's
machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.microsoft.com
Microsoft Security Bulletins
http://technet.microsoft.com/en-us/security/bulletin/ms11-078
http://technet.microsoft.com/en-us/security/bulletin/ms11-079
http://technet.microsoft.com/en-us/security/bulletin/ms11-081
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/49947
http://www.securityfocus.com/bid/49960
http://www.securityfocus.com/bid/49961
http://www.securityfocus.com/bid/49962
http://www.securityfocus.com/bid/49963
http://www.securityfocus.com/bid/49964
http://www.securityfocus.com/bid/49965
http://www.securityfocus.com/bid/49983
http://www.securityfocus.com/bid/49999
*************************************************************
(2) HIGH: Apple iTunes Multiple Security Vulnerabilities
Affected:
Apple iTunes 10.5
Description: Apple has released patches for multiple security
vulnerabilities affecting its iTunes media player. The vulnerabilities
include buffer overflows in code responsible for handling audio, images,
and movies; and a man-in-the-middle-attack and memory corruption issues
in WebKit, Apple's browser engine. These vulnerabilities, although
unspecified, can likely be leveraged by an attacker to execute arbitrary
code on a target's machine. In all cases, it appears that an attacker
would have to entice a target to view a malicious site or open a
malicious file.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.apple.com
Apple Security Update
http://support.apple.com/kb/HT4981
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/43228
http://www.securityfocus.com/bid/46262
http://www.securityfocus.com/bid/46614
http://www.securityfocus.com/bid/46703
http://www.securityfocus.com/bid/46785
http://www.securityfocus.com/bid/47029
http://www.securityfocus.com/bid/47604
http://www.securityfocus.com/bid/48416
http://www.securityfocus.com/bid/48437
http://www.securityfocus.com/bid/48479
http://www.securityfocus.com/bid/48820
http://www.securityfocus.com/bid/48823
http://www.securityfocus.com/bid/48825
http://www.securityfocus.com/bid/48827
http://www.securityfocus.com/bid/48840
http://www.securityfocus.com/bid/48842
http://www.securityfocus.com/bid/48843
http://www.securityfocus.com/bid/48844
http://www.securityfocus.com/bid/48845
http://www.securityfocus.com/bid/48846
http://www.securityfocus.com/bid/48847
http://www.securityfocus.com/bid/48848
http://www.securityfocus.com/bid/48849
http://www.securityfocus.com/bid/48850
http://www.securityfocus.com/bid/48851
http://www.securityfocus.com/bid/48852
http://www.securityfocus.com/bid/48853
http://www.securityfocus.com/bid/48854
http://www.securityfocus.com/bid/48855
http://www.securityfocus.com/bid/48856
http://www.securityfocus.com/bid/48857
http://www.securityfocus.com/bid/48858
http://www.securityfocus.com/bid/48960
http://www.securityfocus.com/bid/49279
http://www.securityfocus.com/bid/49658
http://www.securityfocus.com/bid/49850
http://www.securityfocus.com/bid/50065
http://www.securityfocus.com/bid/50066
http://www.securityfocus.com/bid/50067
http://www.securityfocus.com/bid/50068
*************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 12405 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________
11.42.1 CVE: CVE-2011-1247
Platform: Windows
Title: Microsoft Active Accessibility Remote Code Execution
Description: The Microsoft Active Accessibility component is a
Component Object Model based technology that improves the way
accessibility aids work with applications running on Microsoft
Windows. The Active Accessibility component is exposed to an arbitrary
code execution issue. The issue arises because the application
searches for a Dynamic Link Library file in the current working
directory. All supported releases of Microsoft Windows are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-075
______________________________________________________________________
11.42.2 CVE: CVE-2011-1985,CVE-2011-1985,CVE-2011-2002,CVE-2011-2003
Platform: Windows
Title: Microsoft Windows Kernel Mode Drivers Remote Code Execution
Description: The "Win32k.sys" kernel mode device driver provides
various functions such as the window manager, collection of user
input, screen output and Graphics Device Interface. It also
serves as a wrapper for DirectX support. The driver is exposed to
multiple issues. See reference for further details. All supported
releases of Microsoft Windows are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-077
______________________________________________________________________
11.42.3 CVE: CVE-2011-2005
Platform: Windows
Title: Microsoft Ancillary Function Driver Elevation of Privileges
Description: Microsoft Windows is exposed to a local privilege
escalation issue. This issue affects the ancillary function driver
("AFD.sys"). This issue occurs because the AFD driver fails to
properly validate data passed from user mode to kernel mode. All
supported editions of Windows XP and Windows Server 2003 are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-080
______________________________________________________________________
11.42.4 CVE: CVE-2011-1253
Platform: Other Microsoft Products
Title: Microsoft .NET Framework and Silverlight Remote Code Execution
Description: The Microsoft .NET Framework is a software framework for
applications designed to run under Microsoft Windows. Microsoft
Silverlight is a web application framework that provides support for
.NET applications. Microsoft Silverlight and Microsoft .NET Framework
are exposed to a remote code execution issue due to the way in which
they restrict inheritance within classes. Microsoft .NET Framework 1.0
Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft
.NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1,
Microsoft .NET Framework 4 and Microsoft Silverlight 4 are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-078
______________________________________________________________________
11.42.5 CVE: CVE-2011-2008,CVE-2011-2007
Platform: Other Microsoft Products
Title: Microsoft Host Integration Server Remote Denial of Service
Description: Microsoft Host Integration Server facilitates integration
between Microsoft and IBM technologies. Microsoft Host Integration
Server is exposed to a denial of service issue caused by
improper input validation when Host Integration Server processes
specially crafted network traffic. All supported editions of Microsoft
Host Integration Server 2004, Microsoft Host Integration Server 2006,
Microsoft Host Integration Server 2009 and Microsoft Host Integration
Server 2010 are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-082
______________________________________________________________________
11.42.6 CVE:
CVE-2011-1895,CVE-2011-1896,CVE-2011-1897,CVE-2011-1969,CVE-2011-2012
Platform: Other Microsoft Products
Title: Microsoft Forefront Unified Access Gateway Multiple Remote
Issues
Description: Microsoft Forefront Unified Access Gateway provides
remote access to enterprise resources. Microsoft Forefront Unified
Access Gateway is exposed to multiple remote issues. See reference for
further details. All supported versions of Microsoft Forefront Unified
Access Gateway 2010 are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-079
______________________________________________________________________
11.42.7 CVE: CVE-2011-2009
Platform: Other Microsoft Products
Title: Microsoft Windows Media Center Remote Code Execution
Description: Media Center is an audio/visual application for Microsoft
Windows. Media Center is exposed to an arbitrary code execution issue.
The issue arises because the application searches for a Dynamic Link
Library file in the current working directory. All supported editions
of Windows Vista, Windows 7 and Windows Media Center TV Pack
for Windows Vista are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-076
______________________________________________________________________
11.42.8 CVE:
CVE-2011-1993,CVE-2011-1995,CVE-2011-1996,CVE-2011-1997,CVE-2011-1998
CVE-2011-1999,CVE-2011-2000,CVE-2011-2001
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Cumulative Security Update
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows platforms. Microsoft Internet Explorer is
exposed to multiple remote issues. See reference for further details.
Internet Explorer 6, 7, 8 and 9 are affected.
Ref:
http://technet.microsoft.com/en-us/security/bulletin/ms11-081
______________________________________________________________________
11.42.9 CVE: CVE-2011-1366,CVE-2011-1367
Platform: Third Party Windows Apps
Title: IBM Rational AppScan Remote Command Execution Vulnerabilities
Description: IBM Rational AppScan is a web-based tool for scanning and
reporting vulnerabilities. The application is exposed to multiple
remote command execution issues that occur when handling specially
crafted "ZIP" files and "scan" files. Versions 5.2 through 8.0.1 of
IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting
Console running on Microsoft Windows are affected.
Ref:
https://www-304.ibm.com/support/docview.wss?uid=swg21515110
______________________________________________________________________
11.42.10 CVE: CVE-2011-0339,CVE-2011-0338,CVE-2011-0337
Platform: Third Party Windows Apps
Title: Autonomy KeyView Filter "jtdsr.dll" Multiple Buffer Overflow
Vulnerabilities
Description: Autonomy KeyView Filter is a component used in multiple
applications. It allows the filtering, viewing and exporting of
documents to Web-ready HTML or valid XML. Autonomy KeyView Filter is
exposed to multiple buffer overflow issues because it fails to
properly bounds check user-supplied data. Autonomy KeyView Filter 10.3
is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/50006/references
______________________________________________________________________
11.42.11 CVE: CVE-2011-3982
Platform: Aix
Title: IBM AIX Fibre Channel Driver QLogic Local Denial of Service
Description: IBM AIX is exposed to a local denial of service issue.
This issue occurs because the Fibre Channel driver for the QLogic
adapters fails to properly handle DMA resource limitation. IBM AIX
versions 6.1 and 7.1 are affected.
Ref:
http://www.securityfocus.com/bid/50000/references
______________________________________________________________________
11.42.12 CVE: CVE-2011-3368
Platform: Cross Platform
Title: Apache HTTP Server "mod_proxy" Reverse Proxy Information
Disclosure
Description: Apache HTTP Server is an HTTP web server application. Apache
HTTP Server is exposed to an information disclosure issue that exists
in the "mod_proxy" component. Specifically, when using the
"RewriteRule" or "ProxyPassMatch" directives to configure a reverse
proxy using a pattern match, it may be possible to disclose the
internal servers. Apache HTTP Server 1.3.x through 1.3.42, 2.0.x
through 2.0.64 and 2.2.x through 2.2.21 are affected.
Ref:
http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/
http://www.securityfocus.com/bid/49957/references
______________________________________________________________________
11.42.13 CVE: CVE-2011-1221
Platform: Cross Platform
Title: Real Networks RealPlayer Cross-Zone Scripting
Description: Real Networks RealPlayer is a media player available for
multiple platforms. The application is exposed to a cross-zone
scripting issue because the RealPlayer ActiveX control allows users to
run local HTML files with scripting enabled without providing any
warning. RealPlayer 11.0 to 11.1, SP 1.0 to 1.1.5 and Enterprise 2.0
to 2.1.5 are affected.
Ref:
http://www.securityfocus.com/bid/49996/references
______________________________________________________________________
11.42.14 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player "httpd_ClientRecv()" Heap-Based Buffer
Overflow
Description: VLC is a cross-platform media player. The application is
exposed to a heap-based memory corruption issue because it fails to
properly bounds check user-supplied data before copying it into an
insufficiently sized buffer. Specifically, this issue occurs due to a
NULL pointer dereference error in the "httpd_ClientRecv()" function of
the "src/network/httpd.c" source file. The issue affects the "HTTP"
and "RTSP" server components. VLC Media Player 1.1.11 and prior
versions are affected.
Ref:
http://www.videolan.org/security/sa1107.html
______________________________________________________________________
11.42.15 CVE:
CVE-2011-0259,CVE-2011-0200,CVE-2011-3252,CVE-2011-3219,CVE-2011-0204,
CVE-2011-0215,CVE-2010-1823,CVE-2011-0164,CVE-2011-0218,
CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,
CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,
CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,
CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,
CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,
CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,
CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,
CVE-2011-1462,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,
CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,
CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,
CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,
CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,
CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,
CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235
Platform: Cross Platform
Title: Apple iTunes Multiple Vulnerabilities
Description: Apple iTunes is a media player for Microsoft Windows and
Apple Mac OS X. iTunes components CoreFoundation, ColorSync,
CoreAudio, CoreMedia, ImageIO and WebKit are exposed to multiple
issues ranging from buffer overflow to memory corruption. Apple iTunes
versions prior to 10.5 are affected.
Ref:
http://lists.apple.com/archives/security-announce/2011//Oct/msg00000.html
______________________________________________________________________
11.42.16 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JAKCMS "userpost" Parameter Cross-Site Scripting
Description: JAKCMS is a content manager implemented in PHP. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input submitted to the
"userpost" parameter of the "index.php" script. JAKCMS 2.0.4.1 is
vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/50034/discuss
______________________________________________________________________
11.42.17 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SilverStripe Multiple Cross-Site Scripting
Description: SilverStripe is an open source content management system.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input. SilverStripe 2.4.5
is vulnerable and other versions may also be affected.
Ref:
http://www.securityfocus.com/archive/1/520050
______________________________________________________________________
11.42.18 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vtiger CRM "onlyforuser" Parameter SQL Injection
Description: vtiger CRM is a PHP-based customer relationship
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data
submitted to the "onlyforuser" parameter of the "index.php" script.
vtiger CRM 5.2.1 is vulnerable and prior versions may also be
affected.
Ref:
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin
______________________________________________________________________
11.42.19 CVE: CVE-2011-4026
Platform: Web Application - SQL Injection
Title: NexusPHP "thanks.php" SQL Injection
Description: NexusPHP is a PHP-based Web application. The application
is exposed to an SQL injection issue because it fails to adequately
sanitize user-supplied input submitted to the "id" parameter of the
"thanks.php" script. NexusPHP 1.5 is affected and other versions may
also be vulnerable.
Ref:
http://www.securityfocus.com/bid/50025/discuss
______________________________________________________________________
11.42.20 CVE: Not Available
Platform: Web Application
Title: XOOPS HTML Injection and Cross-Site Scripting Vulnerabilities
Description: XOOPS is a PHP-based content management system. The
application is exposed to multiple issues. A cross-site
scripting issue affects the "img" BBCode tag in the "message"
parameter of the "pmlite.php" script. An HTML injection issue
affects the "text" parameter of the
"include/formdhtmltextarea_preview.php" script. XOOPS 2.5.1a is
vulnerable; other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/49995/references
______________________________________________________________________
11.42.21 CVE: CVE-2011-2676
Platform: Web Application
Title: Movable Type A-Form Plugins Cross-Site Scripting and
Unspecified Security Vulnerabilities
Description: Movable Type is a weblog publishing system. Movable Type
A-Form plugins are exposed to multiple issues. An unspecified
cross-site scripting issue occurs because they fail to sufficiently sanitize
user-supplied data. A security bypass issue occurs due to tampering of an
admin HTTP parameter. Versions prior to Movable Type 4.36 and 5.05 are
affected.
Ref:
http://www.securityfocus.com/bid/50017/references
______________________________________________________________________
11.42.22 CVE: Not Available
Platform: Web Application
Title: Jaws Multiple Remote File Include Vulnerabilities
Description: Jaws is a Web-based application framework and content
management system written in PHP. The application is exposed to multiple
remote file include issues because it fails to sufficiently sanitize
user-supplied input. Jaws 0.8.14 is vulnerable and other versions may
also be affected.
Ref:
http://www.securityfocus.com/bid/50022/discuss
______________________________________________________________________
11.42.23 CVE: Not Available
Platform: Web Application
Title: KaiBB SQL Injection and Cross-Site Scripting Vulnerabilities
Description: KaiBB is a PHP-based online community application. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied input. KaiBB 2.0.1 is vulnerable;
other versions may also be affected.
Ref:
http://www.securityfocus.com/bid/50029/references
______________________________________________________________________
11.42.24 CVE: CVE-2011-3485
Platform: Web Application
Title: ZOHO ManageEngine ADSelfService Plus Authentication Bypass
Description: ManageEngine ADSelfService Plus is a web-based end user
password reset management program. The application is exposed to an
authentication bypass issue. Specifically, the authentication process
allows an attacker to bypass it and gain administrative access by
setting the "resetUnLock" value to "true" through a POST request.
ManageEngine ADSelfService Plus 4.5 Build 4521 is vulnerable and other
versions may also be affected.
Ref:
http://www.securityfocus.com/bid/50071/references
______________________________________________________________________
11.42.25 CVE: Not Available
Platform: Hardware
Title: Xerox ColorQube Unspecified Authentication Bypass
Description: Xerox ColorQube is a Web-capable printer and photocopier.
Xerox ColorQube is exposed to an unspecified authentication bypass
issue. Specifically, the issue can be exploited by sending a specially
crafted sequence of commands. Xerox ColorQube 9301, Xerox ColorQube
9302 and Xerox ColorQube 9393 are affected.
Ref:
http://www.xerox.com/download/security/security-bulletin/127873b-15292-4aeb8bc95ec00/cert_XRX11-004-v1.02.pdf
______________________________________________________________________
11.42.26 CVE: Not Available
Platform: Hardware
Title: D-Link DIR-685 Encryption Failure Authentication Bypass
Description: D-Link DIR-685 is a wireless router with attached
storage. The device is exposed to an authentication bypass issue that
occurs when the device is configured with WPA/WPA2 and an AES cipher
with a pre-shared key. Specifically, this issue is caused by an
encryption failure that occurs during heavy network load, which keeps
the device in an open unencrypted state until rebooted. D-Link DIR-685
Xtreme N is affected.
Ref:
http://www.kb.cert.org/vuls/id/924307
______________________________________________________________________
(c) 2011. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
https://www.sans.org/account
--633627693-228525171-1318546420=:9625
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"color:#000; background-color:#fff; font-family:bo=
okman old style, new york, times, serif;font-size:10pt"><div><span></span><=
/div><div><br></div><div style=3D"font-size: 10pt; font-family: 'bookman ol=
d style', 'new york', times, serif; "><div style=3D"font-size: 12pt; font-f=
amily: 'times new roman', 'new york', times, serif; "><font size=3D"2" face=
=3D"Arial">----- Forwarded Message -----<br><b><span style=3D"font-weight:b=
old;">From:</span></b> The SANS Institute <ConsensusSecurit..._at_sans.org&=
gt;<br><b><span style=3D"font-weight: bold;">To:</span></b> edit..._at_yahoo.c=
om<br><b><span style=3D"font-weight: bold;">Sent:</span></b> Thursday, Octo=
ber 13, 2011 2:26 PM<br><b><span style=3D"font-weight: bold;">Subject:</spa=
n></b> _at_RISK: The Consensus Security Vulnerability Alert Week 42 2011<br></=
font><br>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash:
SHA1<br><br>______________________________________________________________=
________<br><br> _at_RISK: The Consensus Security =
Vulnerability Alert<br><br> =
Week 42 2011<br><br>_____=
_________________________________________________________________<br><br>Su=
mmary of Updates and Vulnerabilities in this Consensus<br><br>Platform =
; Number of =
Updates and Vulnerabilities<br>- ------------------------ ----=
---------------------------------<br><br>Windows =
&nbs=
p; 3 (#1)<br>Other Microsoft Products &n=
bsp; 5<br>Third Party Windows Apps =
2<br>Aix &nb=
sp; 1<br>Cr=
oss Platform =
4 (#2)<br>Web Application - Cross Site S=
cripting 2<br>Web Application - SQL Injection &nb=
sp; 2<br>Web Application &=
nbsp; 5<br>Hardware =
&nbs=
p; 2<br><br>****************************=
**********************************************<br><br>TRAINING UPDATE<br> -=
-SANS Chicago 2011, Chicago, IL, October 23-28, 2011<br>6 courses. Bo=
nus evening presentations include Computer Forensics in<br>the Virtual Real=
m and Electrical Grid Security<br><a
href=3D"
http://www.sans.org/chicago-2011/" target=3D"_blank">
http://www.sa=
ns.org/chicago-2011/</a><br> --SANS Seattle 2011, Seattle, WA, November 2-7=
, 2011<br>5 courses. Bonus evening presentations include Future Trend=
s in<br>Network Security; and Ninja Developers: Penetration Testing and You=
r SDLC<br><a href=3D"
http://www.sans.org/seattle-2011/" target=3D"_blank">h=
ttp://www.sans.org/seattle-2011/</a><br> --SANS San Francisco 2011, San Fra=
ncisco, CA, November 14-19, 2011<br>6 courses. Bonus evening presenta=
tions include The Worst Mistakes in<br>Cloud Computing Security; Offensive =
Countermeasures; and Watching the<br>Wire at Home<br><a href=3D"
http://www.=
sans.org/san-francisco-2011/" target=3D"_blank">
http://www.sans.org/san-fra=
ncisco-2011/</a><br> --EURO SCADA & Process Control System Security Sum=
mit, Rome, Dec 1-2, 2011<br>Gain the most current information regarding SCA=
DA and Control System<br>threats and learn how to best prepare to defend ag=
ainst
them.<br><a href=3D"
http://www.sans.org/eu-scada-2011/" target=3D"_blank">=
http://www.sans.org/eu-scada-2011/</a><br> --SANS San Antonio 2011, San Ant=
onio, TX, November 28-December 5, 2011<br>7 courses. Bonus evening pr=
esentations include Effective Methods for<br>Implementing the 20 Critical S=
ecurity Controls; and Assessing<br>Deception: Are They Lying to You?<br><a =
href=3D"
http://www.sans.org/san-antonio-2011/" target=3D"_blank">
http://www=
.sans.org/san-antonio-2011/</a><br> --SANS London 2011, London, UK, Decembe=
r 3-12, 2011<br>16 courses. Bonus evening presentations include IPv6 =
Challenges for<br>Intrusion Detection and Understanding How Attackers Bypas=
s Network and<br>Content Restrictions.<br><a href=3D"
http://www.sans.org/lo=
ndon-2011/" target=3D"_blank">
http://www.sans.org/london-2011/</a><br> --SA=
NS CDI 2011, Washington, DC, December 9-16, 2011<br>27 courses. Bonus=
evening presentations include Emerging Trends in<br>Data Law and
Investigations, and Critical Infrastructure Control<br>Systems Cybersecuri=
ty.<br><a href=3D"
http://www.sans.org/cyber-defense-initiative-2011/" targe=
t=3D"_blank">
http://www.sans.org/cyber-defense-initiative-2011/</a><br> --S=
ANS Security East 2012, New Orleans, LA January 17-26, 2012<br>11 courses.&=
nbsp; Bonus evening presentations include Advanced VoIP Pen<br>Testing: Cur=
rent Threats and Methods; and Helping Small Businesses<br>with Security.<br=
><a href=3D"http://www.sans.org/security-east-2012/" target=3D"_blank">http=
://www.sans.org/security-east-2012/</a><br> --Looking for training in your =
own community?<br>http:sans.org/community/ Save on On-Demand training (30 f=
ull<br>courses) - See samples at<br><a href=3D"
http://www.sans.org/ondemand=
/discounts.php#current" target=3D"_blank">
http://www.sans.org/ondemand/disc=
ounts.php#current</a><br>Plus Seoul, Sydney, Tokyo, and Rome all in the nex=
t 90 days.<br>For a list of all upcoming events, on-line and live:
www.sans.org<br><br>******************************************************=
********************<br><br>Part I -- Critical Vulnerabilities from Tipping=
Point (www.tippingpoint.com)<br>Widely Deployed Software<br>(1) HIGH: Micro=
soft Products Multiple Security Vulnerabilities<br>(2) HIGH: Apple iTunes M=
ultiple Security Vulnerabilities<br><br>Part II -- Comprehensive List of Ne=
wly Discovered Vulnerabilities from Qualys<br>(www.qualys.com)<br><br> -- W=
indows<br>11.42.1 - Microsoft Active Accessibility Remote Code Execut=
ion<br>11.42.2 - Microsoft Windows Kernel Mode Drivers Remote Code Ex=
ecution<br>11.42.3 - Microsoft Ancillary Function Driver Elevation of=
Privileges<br> -- Other Microsoft Products<br>11.42.4 - Microsoft .N=
ET Framework and Silverlight Remote Code Execution<br>11.42.5 - Micro=
soft Host Integration Server Remote Denial of Service<br>11.42.6 - Mi=
crosoft Forefront Unified Access Gateway Multiple Remote
Issues<br>11.42.7 - Microsoft Windows Media Center Remote Code Execu=
tion<br>11.42.8 - Microsoft Internet Explorer Cumulative Security Upd=
ate<br> -- Third Party Windows Apps<br>11.42.9 - IBM Rational AppScan=
Remote Command Execution Vulnerabilities<br>11.42.10 - Autonomy KeyView Fi=
lter "jtdsr.dll" Multiple Buffer Overflow Vulnerabilities<br> -- Aix<br>11.=
42.11 - IBM AIX Fibre Channel Driver QLogic Local Denial of Service<br> -- =
Cross Platform<br>11.42.12 - Apache HTTP Server "mod_proxy" Reverse Proxy I=
nformation Disclosure<br>11.42.13 - Real Networks RealPlayer Cross-Zone Scr=
ipting<br>11.42.14 - VLC Media Player "httpd_ClientRecv()" Heap-Based Buffe=
r Overflow<br>11.42.15 - Apple iTunes Multiple Vulnerabilities<br> -- Web A=
pplication - Cross Site Scripting<br>11.42.16 - JAKCMS "userpost" Parameter=
Cross-Site Scripting<br>11.42.17 - SilverStripe Multiple Cross-Site Script=
ing<br> -- Web Application - SQL Injection<br>11.42.18 - vtiger CRM
"onlyforuser" Parameter SQL Injection<br>11.42.19 - NexusPHP "thanks.php" =
SQL Injection<br> -- Web Application<br>11.42.20 - XOOPS HTML Injection and=
Cross-Site Scripting Vulnerabilities<br>11.42.21 - Movable Type A-Form Plu=
gins Cross-Site Scripting and Unspecified Security Vulnerabilities<br>11.42=
.22 - Jaws Multiple Remote File Include Vulnerabilities<br>11.42.23 - KaiBB=
SQL Injection and Cross-Site Scripting Vulnerabilities<br>11.42.24 - ZOHO =
ManageEngine ADSelfService Plus Authentication Bypass<br> -- Hardware<br>11=
.42.25 - Xerox ColorQube Unspecified Authentication Bypass<br>11.42.26 - D-=
Link DIR-685 Encryption Failure Authentication Bypass<br>__________________=
____________________________________________________<br><br>PART I Critical=
Vulnerabilities<br>Part I for this issue has been compiled by Josh Bronson=
at TippingPoint,<br>a division of HP, as a by-product of that company's co=
ntinuous effort<br>to ensure that its intrusion prevention products
effectively block<br>exploits using known vulnerabilities. TippingPoint's =
analysis is<br>complemented by input from a council of security managers fr=
om twelve<br>large organizations who confidentially share with SANS the spe=
cific<br>actions they have taken to protect their systems. A detailed descr=
iption<br>of the process may be found at<br><a href=3D"
http://www.sans.org/=
newsletters/risk/#process" target=3D"_blank">
http://www.sans.org/newsletter=
s/risk/#process</a><br><br>************************************************=
*************<br><br>(1) HIGH: Microsoft Products Multiple Security Vulnera=
bilities<br>Affected:<br>Microsoft Forefront Unified Access Gateway 2010<br=
>Microsoft Internet Explorer 7,8, and 9<br>Microsoft .NET Framework 1.0, 1.=
1, 2.0, 4<br>Microsoft Silverlight 4<br> &nbs=
p; <br>Description: As part of its Microsoft Tuesday program,=
Microsoft has<br>released patches for multiple products. The
vulnerabilities include a<br>signed Java applet in Microsoft Forefront Uni=
fied Access Gateway that<br>can be used by attackers for code execution, se=
veral memory safety<br>vulnerabilities in Internet Explorer, and an input v=
alidation<br>vulnerability in Silverlight and the .NET Framework. By entici=
ng a<br>target to view a malicious site, an attacker can exploit these<br>v=
ulnerabilities in order to execute arbitrary code on the target's<br>machin=
e.<br><br>Status: vendor confirmed, updates available<br><br>References:<br=
>Vendor Site<br><a href=3D"http://www.microsoft.com" target=3D"_blank">http=
://www.microsoft.com</a><br>Microsoft Security Bulletins<br><a href=3D"http=
://technet.microsoft.com/en-us/security/bulletin/ms11-078" target=3D"_blank=
">
http://technet.microsoft.com/en-us/security/bulletin/ms11-078</a><br><a h=
ref=3D"
http://technet.microsoft.com/en-us/security/bulletin/ms11-079"
target=3D"_blank">
http://technet.microsoft.com/en-us/security/bulletin/ms1=
1-079</a><br><a href=3D"
http://technet.microsoft.com/en-us/security/bulleti=
n/ms11-081" target=3D"_blank">
http://technet.microsoft.com/en-us/security/b=
ulletin/ms11-081</a> <br>SecurityFocus BugTraq IDs<br><a =
href=3D"
http://www.securityfocus.com/bid/49947" target=3D"_blank">
http://ww=
w.securityfocus.com/bid/49947</a><br><a href=3D"
http://www.securityfocus.co=
m/bid/49960" target=3D"_blank">
http://www.securityfocus.com/bid/49960</a><b=
r><a href=3D"
http://www.securityfocus.com/bid/49961" target=3D"_blank">http=
://www.securityfocus.com/bid/49961</a><br><a href=3D"
http://www.securityfoc=
us.com/bid/49962" target=3D"_blank">
http://www.securityfocus.com/bid/49962<=
/a><br><a href=3D"
http://www.securityfocus.com/bid/49963" target=3D"_blank"=
>http://www.securityfocus.com/bid/49963</a><br><a href=3D"http://www.securi=
tyfocus.com/bid/49964" target=3D"_blank">
http://www.securityfocus.com/bid/4=
9964</a><br><a
href=3D"
http://www.securityfocus.com/bid/49965" target=3D"_blank">
http://w=
ww.securityfocus.com/bid/49965</a><br><a href=3D"
http://www.securityfocus.c=
om/bid/49983" target=3D"_blank">
http://www.securityfocus.com/bid/49983</a><=
br><a href=3D"
http://www.securityfocus.com/bid/49999" target=3D"_blank">htt=
p://www.securityfocus.com/bid/49999</a><br><br>****************************=
*********************************<br><br>(2) HIGH: Apple iTunes Multiple Se=
curity Vulnerabilities<br>Affected:<br>Apple iTunes 10.5<br> &nb=
sp; <br>Description: Apple has released pa=
tches for multiple security<br>vulnerabilities affecting its iTunes media p=
layer. The vulnerabilities<br>include buffer overflows in code responsible =
for handling audio, images,<br>and movies; and a man-in-the-middle-attack a=
nd memory corruption issues<br>in WebKit, Apple's browser engine. These vul=
nerabilities, although<br>unspecified, can likely be leveraged by an attack=
er to
execute arbitrary<br>code on a target's machine. In all cases, it appears =
that an attacker<br>would have to entice a target to view a malicious site =
or open a<br>malicious file.<br><br>Status: vendor confirmed, updates avail=
able<br><br>References:<br>Vendor Site<br><a href=3D"
http://www.apple.com" =
target=3D"_blank">
http://www.apple.com</a><br>Apple Security Update<br><a h=
ref=3D"
http://support.apple.com/kb/HT4981" target=3D"_blank">
http://support=
.apple.com/kb/HT4981</a><br>SecurityFocus BugTraq IDs<br><a href=3D"
http://=
www.securityfocus.com/bid/43228" target=3D"_blank">
http://www.securityfocus=
.com/bid/43228</a><br><a href=3D"
http://www.securityfocus.com/bid/46262" ta=
rget=3D"_blank">
http://www.securityfocus.com/bid/46262</a><br><a href=3D"ht=
tp://www.securityfocus.com/bid/46614" target=3D"_blank">
http://www.security=
focus.com/bid/46614</a><br><a href=3D"
http://www.securityfocus.com/bid/4670=
3" target=3D"_blank">
http://www.securityfocus.com/bid/46703</a><br><a
href=3D"
http://www.securityfocus.com/bid/46785" target=3D"_blank">
http://w=
ww.securityfocus.com/bid/46785</a><br><a href=3D"
http://www.securityfocus.c=
om/bid/47029" target=3D"_blank">
http://www.securityfocus.com/bid/47029</a><=
br><a href=3D"
http://www.securityfocus.com/bid/47604" target=3D"_blank">htt=
p://www.securityfocus.com/bid/47604</a><br><a href=3D"
http://www.securityfo=
cus.com/bid/48416" target=3D"_blank">
http://www.securityfocus.com/bid/48416=
</a><br><a href=3D"
http://www.securityfocus.com/bid/48437" target=3D"_blank=
">
http://www.securityfocus.com/bid/48437</a><br><a href=3D"
http://www.secur=
ityfocus.com/bid/48479" target=3D"_blank">
http://www.securityfocus.com/bid/=
48479</a><br><a href=3D"
http://www.securityfocus.com/bid/48820" target=3D"_=
blank">
http://www.securityfocus.com/bid/48820</a><br><a href=3D"
http://www.=
securityfocus.com/bid/48823" target=3D"_blank">
http://www.securityfocus.com=
/bid/48823</a><br><a href=3D"
http://www.securityfocus.com/bid/48825"
target=3D"_blank">
http://www.securityfocus.com/bid/48825</a><br><a href=3D=
"
http://www.securityfocus.com/bid/48827" target=3D"_blank">
http://www.secur=
ityfocus.com/bid/48827</a><br><a href=3D"
http://www.securityfocus.com/bid/4=
8840" target=3D"_blank">
http://www.securityfocus.com/bid/48840</a><br><a hr=
ef=3D"
http://www.securityfocus.com/bid/48842" target=3D"_blank">
http://www.=
securityfocus.com/bid/48842</a><br><a href=3D"
http://www.securityfocus.com/=
bid/48843" target=3D"_blank">
http://www.securityfocus.com/bid/48843</a><br>=
<a href=3D"
http://www.securityfocus.com/bid/48844" target=3D"_blank">http:/=
/www.securityfocus.com/bid/48844</a><br><a href=3D"
http://www.securityfocus=
.com/bid/48845" target=3D"_blank">
http://www.securityfocus.com/bid/48845</a=
><br><a href=3D"http://www.securityfocus.com/bid/48846" target=3D"_blank">h=
ttp://www.securityfocus.com/bid/48846</a><br><a href=3D"
http://www.security=
focus.com/bid/48847" target=3D"_blank">
http://www.securityfocus.com/bid/488=
47</a><br><a
href=3D"
http://www.securityfocus.com/bid/48848" target=3D"_blank">
http://w=
ww.securityfocus.com/bid/48848</a><br><a href=3D"
http://www.securityfocus.c=
om/bid/48849" target=3D"_blank">
http://www.securityfocus.com/bid/48849</a><=
br><a href=3D"
http://www.securityfocus.com/bid/48850" target=3D"_blank">htt=
p://www.securityfocus.com/bid/48850</a><br><a href=3D"
http://www.securityfo=
cus.com/bid/48851" target=3D"_blank">
http://www.securityfocus.com/bid/48851=
</a><br><a href=3D"
http://www.securityfocus.com/bid/48852" target=3D"_blank=
">
http://www.securityfocus.com/bid/48852</a><br><a href=3D"
http://www.secur=
ityfocus.com/bid/48853" target=3D"_blank">
http://www.securityfocus.com/bid/=
48853</a><br><a href=3D"
http://www.securityfocus.com/bid/48854" target=3D"_=
blank">
http://www.securityfocus.com/bid/48854</a><br><a href=3D"
http://www.=
securityfocus.com/bid/48855" target=3D"_blank">
http://www.securityfocus.com=
/bid/48855</a><br><a href=3D"
http://www.securityfocus.com/bid/48856"
target=3D"_blank">
http://www.securityfocus.com/bid/48856</a><br><a href=3D=
"
http://www.securityfocus.com/bid/48857" target=3D"_blank">
http://www.secur=
ityfocus.com/bid/48857</a><br><a href=3D"
http://www.securityfocus.com/bid/4=
8858" target=3D"_blank">
http://www.securityfocus.com/bid/48858</a><br><a hr=
ef=3D"
http://www.securityfocus.com/bid/48960" target=3D"_blank">
http://www.=
securityfocus.com/bid/48960</a><br><a href=3D"
http://www.securityfocus.com/=
bid/49279" target=3D"_blank">
http://www.securityfocus.com/bid/49279</a><br>=
<a href=3D"
http://www.securityfocus.com/bid/49658" target=3D"_blank">http:/=
/www.securityfocus.com/bid/49658</a><br><a href=3D"
http://www.securityfocus=
.com/bid/49850" target=3D"_blank">
http://www.securityfocus.com/bid/49850</a=
><br><a href=3D"http://www.securityfocus.com/bid/50065" target=3D"_blank">h=
ttp://www.securityfocus.com/bid/50065</a><br><a href=3D"
http://www.security=
focus.com/bid/50066" target=3D"_blank">
http://www.securityfocus.com/bid/500=
66</a><br><a
href=3D"
http://www.securityfocus.com/bid/50067" target=3D"_blank">
http://w=
ww.securityfocus.com/bid/50067</a><br><a href=3D"
http://www.securityfocus.c=
om/bid/50068" target=3D"_blank">
http://www.securityfocus.com/bid/50068</a><=
br><br>*************************************************************<br><br=
>Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qua=
lys<br>(www.qualys.com)<br><br>This list is compiled by Qualys ( www.qualys=
.com ) as part of that<br>company's ongoing effort to ensure its vulnerabil=
ity management web<br>service tests for all known vulnerabilities that can =
be scanned. As of<br>this week Qualys scans for 12405 unique vulnerabilitie=
s. For this<br>special SANS community listing, Qualys also includes vulnera=
bilities<br>that cannot be scanned remotely.<br>___________________________=
___________________________________________<br><br>11.42.1 CVE: CVE-2011-12=
47<br>Platform: Windows<br>Title: Microsoft Active Accessibility Remote Cod=
e
Execution<br>Description: The Microsoft Active Accessibility component is =
a<br>Component Object Model based technology that improves the way<br>acces=
sibility aids work with applications running on Microsoft<br>Windows. The A=
ctive Accessibility component is exposed to an arbitrary<br>code execution =
issue. The issue arises because the application<br>searches for a Dynamic L=
ink Library file in the current working<br>directory. All supported release=
s of Microsoft Windows are affected.<br>Ref: <a href=3D"
http://technet.micr=
osoft.com/en-us/security/bulletin/ms11-075" target=3D"_blank">
http://techne=
t.microsoft.com/en-us/security/bulletin/ms11-075</a><br>___________________=
___________________________________________________<br><br>11.42.2 CVE: CVE=
-2011-1985,CVE-2011-1985,CVE-2011-2002,CVE-2011-2003<br>Platform: Windows<b=
r>Title: Microsoft Windows Kernel Mode Drivers Remote Code Execution<br>Des=
cription: The "Win32k.sys" kernel mode device driver provides<br>various
functions such as the window manager, collection of user<br>input, screen =
output and Graphics Device Interface. It also<br>serves as a wrapper for Di=
rectX support. The driver is exposed to<br>multiple issues. See reference f=
or further details. All supported<br>releases of Microsoft Windows are affe=
cted.<br>Ref: <a href=3D"
http://technet.microsoft.com/en-us/security/bullet=
in/ms11-077" target=3D"_blank">
http://technet.microsoft.com/en-us/security/=
bulletin/ms11-077</a><br>__________________________________________________=
____________________<br><br>11.42.3 CVE: CVE-2011-2005<br>Platform: Windows=
<br>Title: Microsoft Ancillary Function Driver Elevation of Privileges<br>D=
escription: Microsoft Windows is exposed to a local privilege<br>escalation=
issue. This issue affects the ancillary function driver<br>("AFD.sys"). Th=
is issue occurs because the AFD driver fails to<br>properly validate data p=
assed from user mode to kernel mode. All<br>supported editions of
Windows XP and Windows Server 2003 are affected.<br>Ref: <a href=3D"http:/=
/technet.microsoft.com/en-us/security/bulletin/ms11-080" target=3D"_blank">=
http://technet.microsoft.com/en-us/security/bulletin/ms11-080</a><br>______=
________________________________________________________________<br><br>11.=
42.4 CVE: CVE-2011-1253<br>Platform: Other Microsoft Products<br>Title: Mic=
rosoft .NET Framework and Silverlight Remote Code Execution<br>Description:=
The Microsoft .NET Framework is a software framework for<br>applications d=
esigned to run under Microsoft Windows. Microsoft<br>Silverlight is a web a=
pplication framework that provides support for<br>.NET applications. Micros=
oft Silverlight and Microsoft .NET Framework<br>are exposed to a remote cod=
e execution issue due to the way in which<br>they restrict inheritance with=
in classes. Microsoft .NET Framework 1.0<br>Service Pack 3, Microsoft .NET =
Framework 1.1 Service Pack 1, Microsoft<br>.NET Framework 2.0 Service
Pack 2, Microsoft .NET Framework 3.5.1,<br>Microsoft .NET Framework 4 and =
Microsoft Silverlight 4 are affected.<br>Ref: <a href=3D"
http://technet.mic=
rosoft.com/en-us/security/bulletin/ms11-078" target=3D"_blank">
http://techn=
et.microsoft.com/en-us/security/bulletin/ms11-078</a><br>__________________=
____________________________________________________<br><br>11.42.5 CVE: CV=
E-2011-2008,CVE-2011-2007<br>Platform: Other Microsoft Products<br>Title: M=
icrosoft Host Integration Server Remote Denial of Service<br>Description: M=
icrosoft Host Integration Server facilitates integration<br>between Microso=
ft and IBM technologies. Microsoft Host Integration<br>Server is exposed to=
a denial of service issue caused by<br>improper input validation when Host=
Integration Server processes<br>specially crafted network traffic. All sup=
ported editions of Microsoft<br>Host Integration Server 2004, Microsoft Hos=
t Integration Server 2006,<br>Microsoft Host Integration Server 2009 and
Microsoft Host Integration<br>Server 2010 are affected.<br>Ref: <a href=3D=
"
http://technet.microsoft.com/en-us/security/bulletin/ms11-082" target=3D"_=
blank">
http://technet.microsoft.com/en-us/security/bulletin/ms11-082</a><br=
>______________________________________________________________________<br>=
<br>11.42.6 CVE:<br>CVE-2011-1895,CVE-2011-1896,CVE-2011-1897,CVE-2011-1969=
,CVE-2011-2012<br>Platform: Other Microsoft Products<br>Title: Microsoft Fo=
refront Unified Access Gateway Multiple Remote<br>Issues<br>Description: Mi=
crosoft Forefront Unified Access Gateway provides<br>remote access to enter=
prise resources. Microsoft Forefront Unified<br>Access Gateway is exposed t=
o multiple remote issues. See reference for<br>further details. All support=
ed versions of Microsoft Forefront Unified<br>Access Gateway 2010 are affec=
ted.<br>Ref: <a href=3D"
http://technet.microsoft.com/en-us/security/bulleti=
n/ms11-079"
target=3D"_blank">
http://technet.microsoft.com/en-us/security/bulletin/ms1=
1-079</a><br>______________________________________________________________=
________<br><br>11.42.7 CVE: CVE-2011-2009<br>Platform: Other Microsoft Pro=
ducts<br>Title: Microsoft Windows Media Center Remote Code Execution<br>Des=
cription: Media Center is an audio/visual application for Microsoft<br>Wind=
ows. Media Center is exposed to an arbitrary code execution issue.<br>The i=
ssue arises because the application searches for a Dynamic Link<br>Library =
file in the current working directory. All supported editions<br>of Windows=
Vista, Windows 7 and Windows Media Center TV Pack<br>for Windows Vista are=
affected.<br>Ref: <a href=3D"
http://technet.microsoft.com/en-us/security/b=
ulletin/ms11-076" target=3D"_blank">
http://technet.microsoft.com/en-us/secu=
rity/bulletin/ms11-076</a><br>_____________________________________________=
_________________________<br><br>11.42.8
CVE:<br>CVE-2011-1993,CVE-2011-1995,CVE-2011-1996,CVE-2011-1997,CVE-2011-1=
998<br>CVE-2011-1999,CVE-2011-2000,CVE-2011-2001<br>Platform: Other Microso=
ft Products<br>Title: Microsoft Internet Explorer Cumulative Security Updat=
e<br>Description: Microsoft Internet Explorer is a web browser available<br=
>for Microsoft Windows platforms. Microsoft Internet Explorer is<br>exposed=
to multiple remote issues. See reference for further details.<br>Internet =
Explorer 6, 7, 8 and 9 are affected.<br>Ref: <a href=3D"
http://technet.micr=
osoft.com/en-us/security/bulletin/ms11-081" target=3D"_blank">
http://techne=
t.microsoft.com/en-us/security/bulletin/ms11-081</a><br>___________________=
___________________________________________________<br><br>11.42.9 CVE: CVE=
-2011-1366,CVE-2011-1367<br>Platform: Third Party Windows Apps<br>Title: IB=
M Rational AppScan Remote Command Execution Vulnerabilities<br>Description:=
IBM Rational AppScan is a web-based tool for scanning and<br>reporting
vulnerabilities. The application is exposed to multiple<br>remote command =
execution issues that occurs when handling specially<br>crafted "ZIP" files=
and "scan" files. Versions 5.2 through 8.0.1 of<br>IBM Rational AppScan En=
terprise and IBM Rational AppScan Reporting<br>Console running on Microsoft=
Windows are affected.<br>Ref: <a href=3D"
https://www-304.ibm.com/support/d=
ocview.wss?uid=3Dswg21515110" target=3D"_blank">
https://www-304.ibm.com/sup=
port/docview.wss?uid=3Dswg21515110</a><br>_________________________________=
_____________________________________<br><br>11.42.10 CVE: CVE-2011-0339,CV=
E-2011-0338,CVE-2011-0337<br>Platform: Third Party Windows Apps<br>Title: A=
utonomy KeyView Filter "jtdsr.dll" Multiple Buffer Overflow<br>Vulnerabilit=
ies<br>Description: Autonomy KeyView Filter is a component used in multiple=
<br>applications. It allows the filtering, viewing and exporting of<br>docu=
ments to Web-ready HTML or valid XML. Autonomy KeyView Filter is<br>exposed
to multiple buffer overflow issues because it fails to<br>properly bounds =
check user-supplied data. Autonomy KeyView Filter 10.3<br>is vulnerable and=
other versions may also be affected.<br>Ref: <a href=3D"
http://www.securit=
yfocus.com/bid/50006/references" target=3D"_blank">
http://www.securityfocus=
.com/bid/50006/references</a><br>__________________________________________=
____________________________<br><br>11.42.11 CVE: CVE-2011-3982<br>Platform=
: Aix<br>Title: IBM AIX Fibre Channel Driver QLogic Local Denial of Service=
<br>Description: IBM AIX is exposed to a local denial of service issue.<br>=
This issue occurs because the Fiber Channel driver for the QLogic<br>adapte=
rs fail to properly handle DMA resource limitation. IBM AIX<br>version 6.1 =
and 7.1 are affected.<br>Ref: <a href=3D"
http://www.securityfocus.com/bid/5=
0000/references"
target=3D"_blank">
http://www.securityfocus.com/bid/50000/references</a><br=
>______________________________________________________________________<br>=
<br>11.42.12 CVE: CVE-2011-3368<br>Platform: Cross Platform<br>Title: Apach=
e HTTP Server "mod_proxy" Reverse Proxy Information<br>Disclosure<br>Descri=
ption: Apache HTTP Server is an HTTP web server application. Apache<br>HTTP=
Server is exposed to an information disclosure issue that exists<br>in the=
"mod_proxy" component. Specifically, when using the<br>"RewriteRule" or "P=
rxyPassMatch" directives to configure a reverse<br>proxy using a pattern ma=
tch, it may be possible to disclose the<br>internal servers. Apache HTTP Se=
rver 1.3.x through 1.3.42, 2.0.x<br>through 2.0.64 and 2.2.x through 2.2.21=
are affected.<br>Ref: <a href=3D"
http://www.apache.org/dist/httpd/patches/=
apply_to_2.2.21/" target=3D"_blank">
http://www.apache.org/dist/httpd/patche=
s/apply_to_2.2.21/</a><br><a
href=3D"
http://www.securityfocus.com/bid/49957/references" target=3D"_blan=
k">
http://www.securityfocus.com/bid/49957/references</a><br>_______________=
_______________________________________________________<br><br>11.42.13 CVE=
: CVE-2011-1221<br>Platform: Cross Platform<br>Title: Real Networks RealPla=
yer Cross-Zone Scripting<br>Description: Real Networks RealPlayer is a medi=
a player available for<br>multiple platforms. The application is exposed to=
a cross-zone<br>scripting issue because the RealPlayer ActiveX control all=
ows users to<br>run local HTML files with scripting enabled without providi=
ng any<br>warning. RealPlayer 11.0 to 11.1, SP 1.0 to 1.1.5 and Enterprise =
2.0<br>to 2.1.5 are affected.<br>Ref: <a href=3D"
http://www.securityfocus.c=
om/bid/49996/references" target=3D"_blank">
http://www.securityfocus.com/bid=
/49996/references</a><br>__________________________________________________=
____________________<br><br>11.42.14 CVE: Not Available<br>Platform: Cross
Platform<br>Title: VLC Media Player "httpd_ClientRecv()" Heap-Based Buffer=
<br>Overflow<br>Description: VLC is a cross-platform media player. The appl=
ication is<br>exposed to a heap-based memory corruption issue because it fa=
ils to<br>properly bounds check user-supplied data before copying it into a=
n<br>insufficiently sized buffer. Specifically, this issue occurs due to a<=
br>NULL pointer dereference error in the "httpd_ClientRecv()" function of<b=
r>the "src/network/httpd.c" source file. The issue affects the "HTTP"<br>an=
d "RTSP" server components. VLC Media Player 1.1.11 and prior<br>versions a=
re affected.<br>Ref: <a href=3D"
http://www.videolan.org/security/sa1107.htm=
l" target=3D"_blank">
http://www.videolan.org/security/sa1107.html</a><br>__=
____________________________________________________________________<br><br=
>11.42.15
CVE:<br>
CVE-2011-0259,CVE-2011-0200,CVE-2011-3252,CVE-2011-3219,CVE-2011-0204,CVE-2011-0215,CVE-2010-1823,CVE-2011-0164,CVE-2011-0218,<br>
CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,<br>
CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,<br>
CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,<br>
CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,<br>
CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,<br>
CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,<br>
CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235<br>
Platform: Cross Platform<br>
Title: Apple iTunes Multiple Vulnerabilities<br>
Description: Apple iTunes is a media player for Microsoft Windows and Apple Mac OS X. iTunes components CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO and WebKit are exposed to multiple issues ranging from buffer overflow to memory corruption. Apple iTunes versions prior to 10.5 are affected.<br>
Ref: <a href="http://lists.apple.com/archives/security-announce/2011//Oct/msg00000.html" target="_blank">http://lists.apple.com/archives/security-announce/2011//Oct/msg00000.html</a><br>
______________________________________________________________________<br><br>
11.42.16 CVE: Not Available<br>
Platform: Web Application - Cross Site Scripting<br>
Title: JAKCMS "userpost" Parameter Cross-Site Scripting<br>
Description: JAKCMS is a content manager implemented in PHP. The application is
exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input submitted to the "userpost" parameter of the "index.php" script. JAKCMS 2.0.4.1 is vulnerable and other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/50034/discuss" target="_blank">http://www.securityfocus.com/bid/50034/discuss</a><br>
______________________________________________________________________<br><br>
11.42.17 CVE: Not Available<br>
Platform: Web Application - Cross Site Scripting<br>
Title: SilverStripe Multiple Cross-Site Scripting<br>
Description: SilverStripe is an open source content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. SilverStripe 2.4.5 is vulnerable and other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/archive/1/520050" target="_blank">http://www.securityfocus.com/archive/1/520050</a><br>
______________________________________________________________________<br><br>
11.42.18 CVE: Not Available<br>
Platform: Web Application - SQL Injection<br>
Title: vtiger CRM "onlyforuser" Parameter SQL Injection<br>
Description: vtiger CRM is a PHP-based customer relationship management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data submitted to the "onlyforuser" parameter of the "index.php" script. vtiger CRM 5.2.1 is vulnerable and prior versions may also be affected.<br>
Ref: <a href="http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin" target="_blank">http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin</a><br>
______________________________________________________________________<br><br>
11.42.19 CVE: CVE-2011-4026<br>
Platform: Web Application - SQL
Injection<br>
Title: NexusPHP "thanks.php" SQL Injection<br>
Description: NexusPHP is a PHP-based Web application. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input submitted to the "id" parameter of the "thanks.php" script. NexusPHP 1.5 is affected and other versions may also be vulnerable.<br>
Ref: <a href="http://www.securityfocus.com/bid/50025/discuss" target="_blank">http://www.securityfocus.com/bid/50025/discuss</a><br>
______________________________________________________________________<br><br>
11.42.20 CVE: Not Available<br>
Platform: Web Application<br>
Title: XOOPS HTML Injection and Cross-Site Scripting Vulnerabilities<br>
Description: XOOPS is a PHP-based content management system. The application is exposed to multiple issues. A cross-site scripting issue affects the "img" BBCode tag in the "message" parameter of the "pmlite.php" script. An HTML injection
issue affects the "text" parameter of the "include/formdhtmltextarea_preview.php" script. XOOPS 2.5.1a is vulnerable; other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/49995/references" target="_blank">http://www.securityfocus.com/bid/49995/references</a><br>
______________________________________________________________________<br><br>
11.42.21 CVE: CVE-2011-2676<br>
Platform: Web Application<br>
Title: Movable Type A-Form Plugins Cross-Site Scripting and Unspecified Security Vulnerabilities<br>
Description: Movable Type is a weblog publishing system. Movable Type A-Form plugins are exposed to multiple issues. An unspecified cross-site scripting issue occurs because they fail to sufficiently sanitize user-supplied data. A security bypass issue occurs due to tampering of an admin HTTP parameter. Versions prior to Movable Type 4.36 and 5.05 are affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/50017/references" target="_blank">http://www.securityfocus.com/bid/50017/references</a><br>
______________________________________________________________________<br><br>
11.42.22 CVE: Not Available<br>
Platform: Web Application<br>
Title: Jaws Multiple Remote File Include Vulnerabilities<br>
Description: Jaws is a Web-based application framework and content management system written in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Jaws 0.8.14 is vulnerable and other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/50022/discuss" target="_blank">http://www.securityfocus.com/bid/50022/discuss</a><br>
______________________________________________________________________<br><br>
11.42.23 CVE: Not Available<br>
Platform: Web Application<br>
Title: KaiBB SQL Injection and Cross-Site Scripting
Vulnerabilities<br>
Description: KaiBB is a PHP-based online community application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. KaiBB 2.0.1 is vulnerable; other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/50029/references" target="_blank">http://www.securityfocus.com/bid/50029/references</a><br>
______________________________________________________________________<br><br>
11.42.24 CVE: CVE-2011-3485<br>
Platform: Web Application<br>
Title: ZOHO ManageEngine ADSelfService Plus Authentication Bypass<br>
Description: ManageEngine ADSelfService Plus is a web-based end user password reset management program. The application is exposed to an authentication bypass issue. Specifically, the authentication process allows an attacker to bypass it and gain administrative access by setting the "resetUnLock" value to "true" through a POST
request. ManageEngine ADSelfService Plus 4.5 Build 4521 is vulnerable and other versions may also be affected.<br>
Ref: <a href="http://www.securityfocus.com/bid/50071/references" target="_blank">http://www.securityfocus.com/bid/50071/references</a><br>
______________________________________________________________________<br><br>
11.42.25 CVE: Not Available<br>
Platform: Hardware<br>
Title: Xerox ColorQube Unspecified Authentication Bypass<br>
Description: Xerox ColorQube is a Web-capable printer and photocopier. Xerox ColorQube is exposed to an unspecified authentication bypass issue. Specifically, the issue can be exploited by sending a specially crafted sequence of commands. Xerox ColorQube 9301, Xerox ColorQube 9302 and Xerox ColorQube 9393 are affected.<br>
Ref: <a href="http://www.xerox.com/download/security/security-bulletin/127873b-15292-4aeb8bc95ec00/cert_XRX11-004-v1.02.pdf" target="_blank">http://www.xerox.com/download/security/security-bulletin/127873b-15292-4aeb8bc95ec00/cert_XRX11-004-v1.02.pdf</a><br>
______________________________________________________________________<br><br>
11.42.26 CVE: Not Available<br>
Platform: Hardware<br>
Title: D-Link DIR-685 Encryption Failure Authentication Bypass<br>
Description: D-Link DIR-685 is a wireless router with attached storage. The device is exposed to an authentication bypass issue that occurs when the device is configured with WPA/WPA2 and an AES cipher with a pre-shared key. Specifically, this issue is caused by an encryption failure that occurs during heavy network load, which keeps the device in an open unencrypted state until rebooted. D-Link DIR-685 Xtreme N is affected.<br>
Ref: <a href="http://www.kb.cert.org/vuls/id/924307" target="_blank">http://www.kb.cert.org/vuls/id/924307</a><br>
______________________________________________________________________<br><br>
(c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.<br><br>
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit<br>
<a href="https://www.sans.org/account" target="_blank">
https://www.sans.org/account</a><br>
</div></div></div></body></html>
--633627693-228525171-1318546420=:9625--
Received on Sat Mar 02 2024 - 00:57:28 CST