Search

See Resources

@RISK Newsletter for February 16, 2012 The Consensus Security Vulnerability Alert

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.


@RISK: The Consensus Security Vulnerability Alert
Vol. 12, Num. 7

Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.

Archived issues may be found at https://www.qualys.com/research/sans-at-risk/


Summary of Updates and Vulnerabilities in this Consensus

Platform Number of Updates and Vulnerabilities
— | —
Windows 3 (#1)
Other Microsoft Products | 4
Third Party Windows Apps | 2
Linux 1 (#4)
Unix | 1
Cross Platform 8 (#2,#3,#5)
Web Application - Cross Site Scripting 1
Web Application 6


Part I – Critical Vulnerabilities from HP TippingPoint (dvlabs.tippingpoint.com)

Widely Deployed Software
(1) HIGH: Microsoft Patch Tuesday Vulnerabilities
(2) HIGH: Mozilla Firefox Use-After-Free Vulnerability
(3) HIGH: Adobe Shockwave Player Multiple Vulnerabilities
(4) HIGH: Horde Groupware Webmail Edition Unauthenticated PHP Execution
(5) MEDIUM: Google Chrome Multiple Security Vulnerabilities
Part II – Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)

Windows

12.7.1 - Microsoft Windows Ancillary Function Driver Multiple Local Privilege Escalation Vulnerabilities
12.7.2 - Microsoft Windows “Msvcrt.dll” Remote Buffer Overflow
12.7.3 - Microsoft Windows Kernel “Win32k.sys” Multiple Remote Code Execution Vulnerabilities

Other Microsoft Products

12.7.4 - Microsoft Visio Viewer Multiple Remote Code Execution Vulnerabilities
12.7.5 - Microsoft Internet Explorer Multiple Vulnerabilities
12.7.6 - Microsoft Silverlight & .NET Framework Multiple Remote Code Execution Vulnerabilities
12.7.7 - Microsoft SharePoint Multiple Cross-Site Scripting Vulnerabilities

Third Party Windows Apps

12.7.8 - Symantec pcAnywhere Client/Server Input Handling Denial of Service
12.7.9 - ALFTP Insecure Executable File Loading Arbitrary Code Execution

Linux

12.7.10 - Horde Groupware Source Packages Backdoor Vulnerability

Unix

12.7.11 - NetSurf “netsurf/Cookies” Local Information Disclosure

Cross Platform

12.7.12 - CVS “proxy_connect()” Heap Buffer Overflow
12.7.13 - ImageMagick Buffer Overflow and Denial of Service Vulnerabilities
12.7.14 - Mozilla Firefox/Thunderbird/SeaMonkey “ReadPrototypeBindings()” Memory Corruption
12.7.15 - Zero Install “Common Name” Field Security Bypass
12.7.16 - PHP “tidy_diagnose()” NULL Pointer Dereference Denial Of Service
12.7.17 - Python SimpleXMLRPCServer Denial Of Service
12.7.18 - Adobe Shockwave Player Multiple Vulnerabilities
12.7.19 - Oracle Java SE Multiple Vulnerabilities

Web Application - Cross Site Scripting

12.7.20 - Adobe RoboHelp Cross-Site Scripting

Web Application

12.7.21 - Mathopd Directory Traversal
12.7.22 - GLPI “sub_type” Parameter Remote File Include
12.7.23 - AjaXplorer “doc_file” Parameter Local File Disclosure
12.7.24 - MyBB Multiple Security Vulnerabilities
12.7.25 - CubeCart Multiple URI Redirection Vulnerabilities
12.7.26 - Zen Cart “path_to_admin/product.php” Cross-Site Request Forgery


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process


(1) HIGH: Microsoft Patch Tuesday Vulnerabilities

Affected:
Internet Explorer
Visio 2003
Visio 2007
Visio 2010
Windows XP
Windows 2003
Windows Server 2008
Windows Vista
Windows 7
Description: As part of its patch Tuesday program, Microsoft has
released patches for vulnerabilities affecting multiple products.
An access violation vulnerability in Microsoft’s graphics display
interface has been patched. Because the vulnerability is in the Windows
kernel, an attacker could use potentially many vectors in order to
exploit this vulnerability. A successful attack would allow an attacker
to execute arbitrary code with kernel privileges. Internet Explorer has
been patched to address a use-after-free vulnerability related to HTML
layouts and an unspecified vulnerability in VML (Vector Markup
Language). By enticing a target to view a malicious page, an attacker
can exploit these vulnerabilities in order to execute arbitrary code on
the target’s machine. The Msvcrt.dll library has been patched to
address a buffer overflow vulnerability, and five unspecified memory
corruption vulnerabilities in Microsoft Visio have been patched. By
enticing a target to open a malicious file, an attacker could exploit
these vulnerability in order to execute arbitrary code on the target’s
machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.microsoft.com
Microsoft Security Bulletins
http://technet.microsoft.com/en-us/security/bulletin/ms12-008
http://technet.microsoft.com/en-us/security/bulletin/ms12-010
http://technet.microsoft.com/en-us/security/bulletin/ms12-013
http://technet.microsoft.com/en-us/security/bulletin/ms12-015
http://technet.microsoft.com/en-us/security/bulletin/ms12-016
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51122
http://www.securityfocus.com/bid/51903
http://www.securityfocus.com/bid/51904
http://www.securityfocus.com/bid/51906
http://www.securityfocus.com/bid/51907
http://www.securityfocus.com/bid/51908
http://www.securityfocus.com/bid/51913
http://www.securityfocus.com/bid/51933
http://www.securityfocus.com/bid/51935


(2) HIGH: Mozilla Firefox Use-After-Free Vulnerability

Affected:
Firefox 10.0.1
Firefox ESR 10.0.1
Description: Mozilla has patched its Firefox web browser to address a
vulnerability in its handling of XBL, the XML binding language. XBL is
used to specify the look and feel of XUL (XML User Interface Language)
widgets. XBL and XUL are both developed by Mozilla to serve as part of
the development platform for the Mozilla Application Suite. A problem
in the nsXBLDocumentInfo::ReadPrototypeBindings procedure in the
implementation of XBL can lead to memory corruption when the procedure
fails. By enticing a target to view a malicious page, an attacker can
exploit this vulnerability. In the case of a successful exploit, the
attacker could then execute arbitrary code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.mozilla.org
Mozilla Security Advisory
https://www.mozilla.org/security/announce/2012/mfsa2012-10.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51975


(3) HIGH: Adobe Shockwave Player Multiple Vulnerabilities

Affected:
Shockwave Player 11.6.3.633 and prior for Windows and Macintosh
Description: Adobe has released patches addressing multiple security
vulnerabilities in its Shockwave media player. The vulnerabilities
include unspecified memory corruption vulnerabilities in Shockwave 3D
Asset and two other unspecified vulnerabilities. The unspecified
vulnerabilities are a buffer overflow and a memory corruption
vulnerability. By enticing a target to view a malicious flash file, an
attacker can exploit this vulnerability in order to execute arbitrary
code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-02.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51999
http://www.securityfocus.com/bid/52000
http://www.securityfocus.com/bid/52001
http://www.securityfocus.com/bid/52002
http://www.securityfocus.com/bid/52003
http://www.securityfocus.com/bid/52004
http://www.securityfocus.com/bid/52005
http://www.securityfocus.com/bid/52006
http://www.securityfocus.com/bid/52007


(4) HIGH: Horde Groupware Webmail Edition Unauthenticated PHP Execution

Affected:
Unauthorized Modified Horde 3.3.12 downloaded between 15 Nov and 7 Feb
Unauthorized Modified Horde Groupware 1.2.10 downloaded between 9 Nov and 7 Feb
Unauthorized Modified Horde Groupware Webmail Edition 1.2.10 downloaded between 2 Nov and 7 Feb
Description: Horde Groupware has notified its users that its FTP server
was compromised and its files manipulated. Attackers replaced Horde and
Horde Groupware with malicious software that included a backdoor
allowing unauthenticated PHP execution. The Horde Groupware
collaboration suite is web-based, and an attacker could exploit this
vulnerability by sending a malicious request to a server. A successful
attack would result in arbitrary code execution.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.horde.org
Horde Mailing List
http://lists.horde.org/archives/announce/2012/000751.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51989


(5) MEDIUM: Google Chrome Multiple Security Vulnerabilities

Affected:
Google Chrome prior to 17.0.963.46
Description: Google has released patches addressing multiple security
vulnerabilities in its Chrome web browser. Nine of the vulnerabilities
are rated HIGH or CRITICAL, and they include an unspecified crash; a
use-after-free in garbage collection when handling PDFs; bad casts; a
buffer overflow in locale handling; an unspecified race condition; and
use-after-free vulnerabilities in the handling of stylesheets, CSS, SVG
(scalar vector graphics) and mousemove events. By enticing a target to
view a malicious page, an attacker can exploit these vulnerabilities in
order to execute arbitrary code on the target’s machine.
Status: vendor confirmed, updates available
References:
Vendor Site
http://www.google.com
Google Chrome Stable Channel Updates
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51911


Part II – Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)
This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 13245 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.


12.7.1 CVE: CVE-2012-0149,CVE-2012-0148

Platform: Windows
Title: Microsoft Windows Ancillary Function Driver Multiple Local
Privilege Escalation Vulnerabilities
Description: Ancillary Function Driver (afd.sys) manages the Winsock
TCP/IP communications protocol. Microsoft Windows is exposed to
multiple local privilege escalation issues that affect the Ancillary
Function Driver component. Specifically, this issue occurs because the
“afd.sys” driver improperly validates the input data received from the
user mode. All supported editions of Windows XP (except x86-based),
Windows Server 2003, Windows Vista (except x86-based), Windows Server
2008 (except x86-based), Windows 7 (except x86-based) and Windows
Server 2008 R2 are vulnerable.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-009


12.7.2 CVE: CVE-2012-0150

Platform: Windows
Title: Microsoft Windows “Msvcrt.dll” Remote Buffer Overflow
Description: Microsoft Windows is exposed to a remote buffer overflow
issue because it fails to properly bounds check user-supplied input.
Specifically, the issue affects the windows library “Msvcrt.dll” when
handling a specially crafted media file. All supported editions of
Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008
R2 are vulnerable.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-013


12.7.3 CVE: CVE-2012-0154,CVE-2011-5046

Platform: Windows
Title: Microsoft Windows Kernel “Win32k.sys” Multiple Remote Code
Execution Vulnerabilities
Description: The “Win32k.sys” kernel-mode device driver provides
various functions such as the window manager, collection of user
input, screen output and Graphics Device Interface (GDI). It also
serves as a wrapper for DirectX support. Microsoft Windows is exposed
to multiple remote code execution issues. See reference for detailed
information. All supported releases of Microsoft Windows are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-008


12.7.4 CVE: CVE-2012-0019,CVE-2012-0020,CVE-2012-0136,CVE-2012-0137,CVE-2012-0138

Platform: Other Microsoft Products
Title: Microsoft Visio Viewer Multiple Remote Code Execution
Vulnerabilities
Description: Microsoft Visio Viewer is an application that allows
users to view Microsoft Visio files. The application is exposed to a
remote code execution issue. The problem occurs because the
application fails to properly handle memory when parsing specially
crafted Visio files. All supported editions of Microsoft Visio Viewer
2010 are vulnerable.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-015


12.7.5 CVE: CVE-2012-0010,CVE-2012-0011,CVE-2012-0012,CVE-2012-0155

Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Multiple Vulnerabilities
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The application is exposed to multiple security
issues. See reference for detailed information. Internet Explorer 7,
Internet Explorer 8 and Internet Explorer 9 on Windows clients,
Internet Explorer 7, Internet Explorer 8 and Internet Explorer 9 on
Windows servers, Internet Explorer 6 on all supported editions of
Windows XP are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-010


12.7.6 CVE: CVE-2012-0014,CVE-2012-0015

Platform: Other Microsoft Products
Title: Microsoft Silverlight & .NET Framework Multiple Remote Code
Execution Vulnerabilities
Description: The Microsoft .NET Framework is a software framework for
applications designed to run under Microsoft Windows. Microsoft
Silverlight is a web application framework that provides support for
.NET applications. The applications are exposed to multiple remote code
execution issues. See reference for detailed information.
Microsoft .NET Framework 2.0 Service Pack 2, Microsoft
.NET Framework 3.5.1 and Microsoft .NET Framework 4 on all supported
editions of Microsoft Windows and Microsoft Silverlight 4 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-016


12.7.7 CVE: CVE-2012-0145,CVE-2012-0144,CVE-2012-0017

Platform: Other Microsoft Products
Title: Microsoft SharePoint Multiple Cross-Site Scripting
Vulnerabilities
Description: Microsoft SharePoint is an integrated server application
providing content management and search capabilities. The application
is exposed to multiple cross-site scripting issues. See reference for
detailed information. Microsoft Office SharePoint Server 2010 and
Microsoft SharePoint Foundation 2010 are vulnerable.
Ref: http://technet.microsoft.com/en-us/security/bulletin/ms12-011


12.7.8 CVE: CVE-2012-0291

Platform: Third Party Windows Apps
Title: Symantec pcAnywhere Client/Server Input Handling Denial of
Service
Description: pcAnywhere is a remote administration application for
Microsoft Windows. The application is exposed to a denial of service
issue. The problem occurs when the client or server handles certain
unexpected input. This can cause the application to become unstable
and crash, effectively denying service. Symantec pcAnywhere versions
12.0.x, 12.1.x, 12.5.x, 12.6.x, 11.x and 10.x are affected.
Ref:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
http://www.securityfocus.com/bid/51965/references


12.7.9 CVE: CVE-2012-0315

Platform: Third Party Windows Apps
Title: ALFTP Insecure Executable File Loading Arbitrary Code Execution
Description: ALFTP is a FTP client and server application available
for Microsoft Windows. The application is exposed to an issue that
lets attackers execute arbitrary code. The issue arises because the
the application loads an executable (“readme.exe”) file in an insecure
manner. ALFTP version 5.30.0.1 and prior are vulnerable.
Ref: http://www.securityfocus.com/bid/51984/references
http://jvn.jp/en/jp/JVN85695061/index.html


12.7.10 CVE: CVE-2012-0209

Platform: Linux
Title: Horde Groupware Source Packages Backdoor Vulnerability
Description: Horde Groupware is a web-based collaboration suite
implemented in PHP. The application is exposed to a backdoor issue.
This issue occurs because the Horde Groupware source code repository
was compromised and replaced with source code packages that contain a
backdoor. Horde Groupware versions 1.2.10 between November 2, 2011 and
February 7, 2012 are vulnerable.
Ref: http://www.securityfocus.com/bid/51989/references
http://lists.horde.org/archives/announce/2012/000751.html


12.7.11 CVE: CVE-2012-0844

Platform: Unix
Title: NetSurf “netsurf/Cookies” Local Information Disclosure
Description: NetSurf is a web browser for RISC and UNIX-like operating
systems. The application is exposed to an information disclosure issue
because it provides local users read access to cookies stored in the
“/netsurf/Cookies” file. NetSurf 2.8 is vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/51981/references


12.7.12 CVE: CVE-2012-0804

Platform: Cross Platform
Title: CVS “proxy_connect()” Heap Buffer Overflow
Description: CVS is a version control system designed for software
projects. The application is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input before copying it to an insufficiently sized
buffer. Specifically, this issue occurs due to an error in the
“proxy_connect()” function of the “src/client.c” source file. CVS
versions 1.11.x are vulnerable.
Ref: http://www.securityfocus.com/bid/51943/references
https://bugzilla.redhat.com/show_bug.cgi?id=784141


12.7.13 CVE: CVE-2012-0248,CVE-2012-0247

Platform: Cross Platform
Title: ImageMagick Buffer Overflow and Denial of Service
Vulnerabilities
Description: ImageMagick is an image editing suite that includes a
library and command-line utilities supporting numerous image formats.
The application is exposed to multiple issues. 1) A buffer overflow
issue because it fails to perform adequate checks on user-supplied
input. Specifically, this issue occurs when processing a specially
crafted image with incorrect offset and count in the ResolutionUnit
tag in EXIF IFD0. 2) A denial of service issue that occurs because of
an error when parsing an IFD with IOP tag offsets pointing to the
start of the IFD. Specifically, this issue can be exploited to cause
an infinite loop through a specially crafted image. ImageMagick
versions prior to 6.7.5-1 are vulnerable.
Ref:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
http://www.securityfocus.com/bid/51957/references


12.7.14 CVE: CVE-2012-0452

Platform: Cross Platform
Title: Mozilla Firefox/Thunderbird/SeaMonkey “ReadPrototypeBindings()”
Memory Corruption
Description: Firefox is a browser. SeaMonkey is a suite of
applications that includes a browser and an email client. Thunderbird
is an email client. The applications are exposed to a memory
corruption issue that may allow remote code execution. A
use-after-free condition occurs in the “ReadPrototypeBindings()”
function because it fails to clear XBL binding in a hash table.
Firefox and Firefox ESR versions prior to 10.0.1, Thunderbird and
Thunderbird ESR versions prior to 10.0.1 and SeaMonkey versions prior
to 2.7.1 are affected.
Ref: https://www.mozilla.org/security/announce/2012/mfsa2012-10.html


12.7.15 CVE: Not Available

Platform: Cross Platform
Title: Zero Install “Common Name” Field Security Bypass
Description: Zero Install is a decentralized cross-distribution
software installation system. The application is exposed to a security
issue that may allow attackers to conduct spoofing attacks. This issue
occurs because it fails to properly check the “Common Name” field
provided inside SSL server certificates. Versions prior to Zero
Install 1.6 are vulnerable.
Ref: http://sourceforge.net/mailarchive/message.php?msg_id=28823083
http://www.securityfocus.com/bid/51983/references


12.7.16 CVE: CVE-2012-0781

Platform: Cross Platform
Title: PHP “tidy_diagnose()” NULL Pointer Dereference Denial Of
Service
Description: PHP is an open-source scripting language used for web
development. The application is exposed to multiple denial of service
issues caused by a NULL-pointer dereference error. Specifically, these
issues occur because the application fails to properly check if a
“tidy_diagnose()” function operation returns a NULL value. PHP 5.3.8
is vulnerable and other versions may also be affected.
Ref: http://www.securityfocus.com/bid/51992/references
http://www.php.net/ChangeLog-5.php#5.3.9
https://bugzilla.redhat.com/show_bug.cgi?id=782951


12.7.17 CVE: CVE-2012-0845

Platform: Cross Platform
Title: Python SimpleXMLRPCServer Denial Of Service
Description: Python is a programming language available for multiple
platforms. The application is exposed to a denial of service issue.
This issue occurs in the “SimpleXMLRPCRequestHandler.do_POST()” method
of the SimpleXMLRPCServer module because it fails to properly handle
an EOF when processing POST requests. Python versions 2.7.2 and 3.2.2
are vulnerable and other versions may also be affected.
Ref: http://bugs.python.org/issue14001
http://www.securityfocus.com/bid/51996/references


12.7.18 CVE: CVE-2012-0757,CVE-2012-0758,CVE-2012-0759,CVE-2012-0760,CVE-2012-0761,CVE-2012-0762,CVE-2012-0763,CVE-2012-0764,CVE-2012-0766

Platform: Cross Platform
Title: Adobe Shockwave Player Multiple Vulnerabilities
Description: Adobe Shockwave Player is a multimedia player
application. The application is exposed to a remote memory corruption
issues. See reference for detailed information. Versions prior to
Adobe Shockwave Player 11.6.4.634 are vulnerable.
Ref: http://www.adobe.com/support/security/bulletins/apsb12-02.html


12.7.19 CVE: CVE-2012-0505,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0508,CVE-2012-0504,CVE-2011-3571,CVE-2012-0503,CVE-2012-0502,CVE-2011-3563,CVE-2011-5035,CVE-

2012-0501,CVE-2012-0506
Platform: Cross Platform
Title: Oracle Java SE Multiple Vulnerabilities
Description: Oracle Java SE is exposed to multiple security issues.
See reference for detailed information. Java SE version 7 Update 2 and
before, 6 Update 30 and before, 5.0 Update 33 and before, 1.4.2_35 and
before, JavaFX 2.0.2 and before, JavaFX 1.3.0 and before, JavaFX 1.2.2
and before are vulnerable.
Ref:
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html


12.7.20 CVE: CVE-2012-0765

Platform: Web Application - Cross Site Scripting
Title: Adobe RoboHelp Cross-Site Scripting
Description: Adobe RoboHelp is a tool for creating application help
files in a number of formats. The application is exposed to a
cross-site scripting issue because the application fails to properly
sanitize user-supplied input. Adobe RoboHelp 8 and 9 are vulnerable.
Ref: http://www.adobe.com/support/security/bulletins/apsb12-04.html


12.7.21 CVE: Not Available

Platform: Web Application
Title: Mathopd Directory Traversal
Description: Mathopd is a web-based application. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the “/var/www/“
directory. Versions prior to Mathopd 1.5p7 are vulnerable.
Ref: http://www.securityfocus.com/bid/51872/references
http://www.mathopd.org/security.html


12.7.22 CVE: CVE-2012-1037

Platform: Web Application
Title: GLPI “sub_type” Parameter Remote File Include
Description: GLPI is an information management application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input submitted to the
“sub_type” parameter of the “front/popup.php” script. GLPI versions
between 0.78 and 0.80.61 are vulnerable.
Ref: http://www.securityfocus.com/bid/51958/references
http://seclists.org/fulldisclosure/2012/Feb/157


12.7.23 CVE: Not Available

Platform: Web Application
Title: AjaXplorer “doc_file” Parameter Local File Disclosure
Description: AjaXplorer is a remote file management application. The
application is exposed to a local file disclosure issue because it
fails to adequately validate user-supplied input to the “doc_file”
parameter of “index.php” script when “get_action” parameter is set to
“display_doc”. AjaXplorer 4.0.1 is vulnerable and other versions are
also affected.
Ref: http://www.securityfocus.com/bid/51960/references
http://ajaxplorer.info/ajaxplorer-4-0-2/


12.7.24 CVE: Not Available

Platform: Web Application
Title: MyBB Multiple Security Vulnerabilities
Description: MyBB (MyBulletinBoard) is a forum application implemented
in PHP. The application is exposed to multiple security issues,
including: 1) Multiple cross-site request forgery issues because the
application fails to properly validate HTTP requests, and 2) Multiple
cross-site scripting issues because the application fails to properly
sanitize user-supplied input. Versions prior to MyBB 1.6.6 are
vulnerable.
Ref: http://blog.mybb.com/2012/02/10/mybb-1-6-6-security-release/
http://www.securityfocus.com/bid/51962/references


12.7.25 CVE: Not Available

Platform: Web Application
Title: CubeCart Multiple URI Redirection Vulnerabilities
Description: CubeCart is a web-based e-commerce application. The
application is exposed to multiple URI redirection issues because the
application fails to properly sanitize user-supplied input submitted to
the “goto” and “r” parameters of the “switch.php” and “login.php”
scripts. CubeCart 3.0.20 is vulnerable and other versions may also be
affected.
Ref: http://www.securityfocus.com/bid/51966/references
http://www.securityfocus.com/archive/1/521587


12.7.26 CVE: CVE-2011-4403

Platform: Web Application
Title: Zen Cart “path_to_admin/product.php” Cross-Site Request Forgery
Description: Zen Cart is a web-based shopping cart. The application is
exposed to a cross-site request forgery issue. This issue occurs because
the application allows attackers to perform certain actions without
validating the request. Specifically, the issue affects the
“path_to_admin/product.php” script. Attackers may exploit this issue to
delete and disable products. Zen Cart 1.3.9h is vulnerable and other
versions may be affected.
Ref: http://www.securityfocus.com/bid/51968/references
http://seclists.org/fulldisclosure/2012/Feb/171


Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Company
Free Trial & Tools
Popular Topics