Weekly Vulnerabilities Reports > January 4 to 10, 2010

Overview

84 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 73 products from 60 vendors including Joomla, IBM, Zenphoto, Drupal, and SUN. The vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".

  • 73 reported vulnerabilities are remotely exploitable.
  • 31 reported vulnerabilities have a public exploit available.
  • 45 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 81 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-09 CVE-2010-0276 IBM Security vulnerability in IBM Domino web Access, Lotus Domino and Lotus Inotes

IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.

10.0
2010-01-09 CVE-2010-0275 IBM Security vulnerability in IBM Lotus Domino Web Access

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.

10.0
2010-01-09 CVE-2010-0274 IBM Security vulnerability in IBM Lotus Domino Web Access

Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.

10.0
2010-01-09 CVE-2009-4594 IBM Remote Security vulnerability in Lotus iNotes

Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.

10.0
2010-01-08 CVE-2009-4009 Powerdns Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Powerdns Recursor

Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.

10.0
2010-01-08 CVE-2009-3952 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator

Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2010-01-07 CVE-2009-4588 Awingsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Awingsoft Awakening Winds3D Player and Awakening Winds3D Viewer

Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386.

9.3
2010-01-04 CVE-2009-4549 Cdmi Buffer Errors vulnerability in Cdmi A2 Media Player PRO 2.51

Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .m3l playlist file.

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-08 CVE-2009-4486 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Imanager

Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema.

7.5
2010-01-08 CVE-2010-0273 SUN Unspecified vulnerability in SUN Java System web Server 7.0

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.

7.5
2010-01-08 CVE-2010-0272 SUN Buffer Errors vulnerability in SUN Java System web Server 7.0

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.

7.5
2010-01-08 CVE-2009-4010 Powerdns Remote Cache Poisoning vulnerability in PowerDNS Recursor

Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.

7.5
2010-01-07 CVE-2009-4592 Secureideas Remote Security vulnerability in Base

Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.

7.5
2010-01-07 CVE-2009-4591 Secureideas SQL Injection vulnerability in Secureideas Base

SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-01-06 CVE-2010-0158 Joomlabamboo / Joomla SQL Injection vulnerability in Joomlabamboo JB Simpla

** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php.

7.5
2010-01-06 CVE-2010-0157 Joomla / Joomlabiblestudy Path Traversal vulnerability in Joomlabiblestudy COM Biblestudy 6.1

Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a ..

7.5
2010-01-06 CVE-2009-4584 Dbmasters Improper Authentication vulnerability in Dbmasters DB Masters Multimedia Links Directory 3.1.3

admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie.

7.5
2010-01-06 CVE-2009-4583 Joomla SQL Injection vulnerability in Joomla COM Dhforum

SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.

7.5
2010-01-06 CVE-2009-4582 Xoops SQL Injection vulnerability in Xoops Dictionary 2.0.18

SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-01-06 CVE-2009-4577 Maxdev SQL Injection vulnerability in Maxdev Mdforum 2.0.1

SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.

7.5
2010-01-06 CVE-2009-4576 Joomla / Cmstactics SQL Injection vulnerability in Cmstactics COM Beeheard

SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.

7.5
2010-01-06 CVE-2009-4574 I Escorts SQL Injection vulnerability in I-Escorts Directory Script

SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

7.5
2010-01-05 CVE-2009-4571 Phpshop SQL Injection vulnerability in PHPshop 0.8.1

Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action.

7.5
2010-01-05 CVE-2009-4569 Elkagroup SQL Injection vulnerability in Elkagroup Image Gallery

SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.

7.5
2010-01-04 CVE-2009-4566 Zenphoto SQL Injection vulnerability in Zenphoto 1.2.5

SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action.

7.5
2010-01-04 CVE-2009-4565 Sendmail Cryptographic Issues vulnerability in Sendmail

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5
2010-01-04 CVE-2009-4560 Worms League SQL Injection vulnerability in Worms-League Webleague 2.2.0

SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2010-01-04 CVE-2009-4551 Intesync SQL Injection vulnerability in Intesync Miniweb 2.0

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.

7.5
2010-01-04 CVE-2009-4550 Joomla / Kunena SQL Injection vulnerability in Kunena Forum 1.5.3/1.5.4

SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.

7.5
2010-01-04 CVE-2009-4546 Logoshows Improper Input Validation vulnerability in Logoshows BBS 2.0

globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.

7.5
2010-01-04 CVE-2009-4541 Isolsoft Code Injection vulnerability in Isolsoft Support Center 2.5

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php.

7.5
2010-01-04 CVE-2009-4556 Quickheal Permissions, Privileges, and Access Controls vulnerability in Quickheal Antivirus Plus 2009 and Total Security 2009

Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe.

7.2

47 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-08 CVE-2010-0012 Transmissionbt Path Traversal vulnerability in Transmissionbt Transmission

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a ..

6.8
2010-01-06 CVE-2009-4581 Roseonlinecms Path Traversal vulnerability in Roseonlinecms

Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.

6.8
2010-01-05 CVE-2009-4572 Phpshop Cross-Site Request Forgery (CSRF) vulnerability in PHPshop 0.8.1

Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.

6.8
2010-01-04 CVE-2009-4564 Zenphoto SQL Injection vulnerability in Zenphoto 1.2.5

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

6.8
2010-01-04 CVE-2009-4561 Worms League SQL Injection vulnerability in Worms-League Webleague 2.2.0

Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

6.8
2010-01-04 CVE-2009-4555 K Factor Cross-Site Request Forgery (CSRF) vulnerability in K-Factor Agoracart 5.2.005/5.2.006

Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account.

6.8
2010-01-04 CVE-2009-4543 Cromosoft Code Injection vulnerability in Cromosoft Facil Helpdesk 2.3

PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter.

6.8
2010-01-04 CVE-2009-4540 Bpowerhouse SQL Injection vulnerability in Bpowerhouse Mini CMS 1.0.1

SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2010-01-09 CVE-2010-0277 Adium / Pidgin Resource Management Errors vulnerability in multiple products

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

5.0
2010-01-09 CVE-2010-0013 Adium / Pidgin Path Traversal vulnerability in multiple products

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a ..

5.0
2010-01-07 CVE-2010-0220 Mozilla Resource Management Errors vulnerability in Mozilla Firefox

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

5.0
2010-01-07 CVE-2009-4593 Jesse Smith Remote Denial of Service vulnerability in Bftpd

The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

5.0
2010-01-07 CVE-2009-4587 Cherokee Denial-Of-Service vulnerability in Cherokee 0.5.4

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.

5.0
2010-01-06 CVE-2009-4585 Aspindir Permissions, Privileges, and Access Controls vulnerability in Aspindir Uranyumsoft Listing Service

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.

5.0
2010-01-05 CVE-2009-3734 S2Sys Unspecified vulnerability in S2Sys Linear Emerge Access Control System 2.5

Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service (configuration reset) via a request to a crafted URI.

5.0
2010-01-04 CVE-2009-4558 Unleashedmind / Drupal Permissions, Privileges, and Access Controls vulnerability in Unleashedmind IMG Assist

The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which allows remote attackers to read the (1) title or (2) body of an arbitrary node via unknown vectors.

5.0
2010-01-04 CVE-2009-4553 Rjvmedia Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rjvmedia Irehearse

Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a .m3u playlist file.

5.0
2010-01-04 CVE-2009-4545 Logoshows Permissions, Privileges, and Access Controls vulnerability in Logoshows BBS 2.0

Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.

5.0
2010-01-08 CVE-2010-0271 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris

hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification.

4.6
2010-01-07 CVE-2010-0229 Verbatim Credentials Management vulnerability in Verbatim Corporate Secure

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

4.6
2010-01-07 CVE-2010-0228 Verbatim Cryptographic Issues vulnerability in Verbatim Corporate Secure

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

4.6
2010-01-07 CVE-2010-0227 Verbatim Credentials Management vulnerability in Verbatim Corporate Secure

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.

4.6
2010-01-07 CVE-2010-0226 Sandisk Credentials Management vulnerability in Sandisk Cruzer Enterprise USB

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

4.6
2010-01-07 CVE-2010-0225 Sandisk Cryptographic Issues vulnerability in Sandisk Cruzer Enterprise USB

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

4.6
2010-01-07 CVE-2010-0224 Sandisk Credentials Management vulnerability in Sandisk Cruzer Enterprise USB

SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.

4.6
2010-01-07 CVE-2010-0222 Kingston Cryptographic Issues vulnerability in Kingston products

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

4.6
2010-01-07 CVE-2009-3742 Liferay Cross-Site Scripting vulnerability in Liferay Portal

Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.

4.3
2010-01-07 CVE-2009-4497 Malcom BOX Cross-Site Scripting vulnerability in Malcom BOX LXR Cross Referencer 0.9.5/0.9.6

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.

4.3
2010-01-07 CVE-2009-4590 Secureideas Cross-Site Scripting vulnerability in Secureideas Base

Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-07 CVE-2009-4589 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

4.3
2010-01-07 CVE-2009-4586 Wowd Cross-Site Scripting vulnerability in Wowd 1.2

Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby, (2) tags, or (3) ctx parameter in a search action.

4.3
2010-01-06 CVE-2009-4580 Hastablog Cross-Site Scripting vulnerability in Hastablog Hasta Blog 2.3

Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php.

4.3
2010-01-06 CVE-2009-4579 Joomla / Mambo Foundation Cross-Site Scripting vulnerability in Joomla COM Artistavenue

Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

4.3
2010-01-06 CVE-2009-4578 Joomla / Mambo Foundation / Facileforms Cross-Site Scripting vulnerability in Facileforms

Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

4.3
2010-01-06 CVE-2009-4575 Joomla / Qproje Cross-Site Scripting vulnerability in Qproje COM Qpersonel 1.2

Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.

4.3
2010-01-06 CVE-2009-4573 Joomlabear / Joomla Cross-Site Scripting vulnerability in Joomlabear MOD Joomulus 2.0

Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf.

4.3
2010-01-05 CVE-2009-4570 Phpshop Cross-Site Scripting vulnerability in PHPshop 0.8.1

Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.

4.3
2010-01-05 CVE-2009-4568 Webmin Cross-Site Scripting vulnerability in Webmin Usermin and Webmin

Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2010-01-04 CVE-2009-4563 Zenphoto Cross-Site Scripting vulnerability in Zenphoto 1.2.5

Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.

4.3
2010-01-04 CVE-2009-4562 Zenphoto Cross-Site Scripting vulnerability in Zenphoto 1.2.5

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

4.3
2010-01-04 CVE-2009-4554 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.07

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.

4.3
2010-01-04 CVE-2009-4552 Intesync Cross-Site Scripting vulnerability in Intesync Miniweb 2.0

Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

4.3
2010-01-04 CVE-2009-4548 Viart Cross-Site Scripting vulnerability in Viart Helpdesk 3.3.2/3.4.7

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.

4.3
2010-01-04 CVE-2009-4547 Viart Cross-Site Scripting vulnerability in Viart CMS 3.3.2

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.

4.3
2010-01-04 CVE-2009-4544 Cromosoft Cross-Site Scripting vulnerability in Cromosoft Facil Helpdesk 2.3

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2010-01-04 CVE-2009-4542 Isolsoft Cross-Site Scripting vulnerability in Isolsoft Support Center 2.5

Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2010-01-04 CVE-2009-4539 Sqlitemanager Cross-Site Scripting vulnerability in Sqlitemanager 1.2.0

Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-05 CVE-2009-4567 Viscacha Cross-Site Scripting vulnerability in Viscacha 0.8

Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action.

3.5
2010-01-04 CVE-2009-4559 Nanwich / Drupal Cross-Site Scripting vulnerability in Nanwich Submitted BY

Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.

3.5
2010-01-07 CVE-2010-0223 Kingston Permissions, Privileges, and Access Controls vulnerability in Kingston products

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

2.1
2010-01-07 CVE-2010-0221 Kingston Permissions, Privileges, and Access Controls vulnerability in Kingston products

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.

2.1
2010-01-04 CVE-2009-4557 Unleashedmind / Drupal Cross-Site Scripting vulnerability in Unleashedmind IMG Assist

Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.

2.1