Weekly Vulnerabilities Reports > January 18 to 24, 2010

Overview

55 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 47 products from 37 vendors including Joomla, Adobe, Microsoft, Phpmyadmin, and JCE Tech. The most notable vulnerability categories are "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 55 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities have a public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 54 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0138 Cisco, Microsoft Buffer Errors vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.4/2.5

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

10.0
2010-01-20 CVE-2009-4000 HP Path Traversal vulnerability in HP Power Manager

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

10.0
2010-01-20 CVE-2009-3999 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Power Manager 4.2.5/4.2.6

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

10.0
2010-01-20 CVE-2010-0361 SUN Buffer Errors vulnerability in SUN Java System web Server 7.0

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.

10.0
2010-01-20 CVE-2010-0360 SUN Improper Input Validation vulnerability in SUN Java System web Server 7.0

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

10.0
2010-01-20 CVE-2010-0359 Zeus Buffer Errors vulnerability in Zeus web Server 4.3R5

Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

10.0
2010-01-20 CVE-2010-0358 IBM Buffer Errors vulnerability in IBM Lotus Domino 7.0/8.5.0.1

Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.

10.0
2010-01-19 CVE-2009-4012 Linux Thai Numeric Errors vulnerability in Linux.Thai Libthai

Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c.

10.0
2010-01-19 CVE-2009-3739 Rockwellautomation Unspecified vulnerability in Rockwellautomation products

Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors.

10.0
2010-01-19 CVE-2008-7252 Phpmyadmin Cryptographic Issues vulnerability in PHPmyadmin

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

10.0
2010-01-19 CVE-2008-7251 Phpmyadmin Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

10.0
2010-01-22 CVE-2010-0247 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-01-21 CVE-2010-0379 Adobe, Microsoft Remote Security vulnerability in Windows XP Professional x64 Edition

Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378).

9.3
2010-01-21 CVE-2010-0364 Videolan Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6

Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.

9.3
2010-01-21 CVE-2009-4003 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

9.3
2010-01-21 CVE-2009-4002 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

9.3
2010-01-20 CVE-2010-0037 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.

9.3
2010-01-20 CVE-2010-0036 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.

9.3

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0378 Adobe Use After Free vulnerability in Adobe Flash Player 6.0.79

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."

8.8
2010-01-21 CVE-2010-0137 Cisco Remote Denial of Service vulnerability in Cisco IOS XR SSH Protocol Implementation

Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.

7.8
2010-01-22 CVE-2010-0382 ISC Unspecified vulnerability in ISC Bind

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819.

7.6
2010-01-22 CVE-2010-0381 Phpmyspace SQL Injection vulnerability in PHPmyspace 8.0/8.10

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action.

7.5
2010-01-22 CVE-2010-0230 Suse Permissions, Privileges, and Access Controls vulnerability in Suse Opensuse and Suse Linux

SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.

7.5
2010-01-21 CVE-2010-0377 Phpmyspace SQL Injection vulnerability in PHPmyspace 8.0/8.10

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action.

7.5
2010-01-21 CVE-2010-0375 JCE Tech SQL Injection vulnerability in Jce-Tech PHP Calendars Script

SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2010-01-21 CVE-2010-0373 Joomla SQL Injection vulnerability in Joomla COM Libros

SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2010-01-21 CVE-2010-0372 Hong Chuyen, Joomla SQL Injection vulnerability in Hong Chuyen COM Articlemanager

SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.

7.5
2010-01-21 CVE-2010-0367 Bitscripts Code Injection vulnerability in Bitscripts Bits Video Script 2.04/2.05

Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.

7.5
2010-01-18 CVE-2009-4628 Templateplaza, Joomla SQL Injection vulnerability in Templateplaza COM Tpdugg 1.1

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

7.5
2010-01-18 CVE-2009-4626 Phpnagios Path Traversal vulnerability in PHPnagios 1.2.0

Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.

7.5
2010-01-18 CVE-2009-4625 Tamlyncreative, Joomla SQL Injection vulnerability in Tamlyncreative COM Bfsurvey Profree 1.2.4

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

7.5
2010-01-18 CVE-2009-4624 Nicecoder SQL Injection vulnerability in Nicecoder Idesk

SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.

7.5
2010-01-18 CVE-2009-4623 Plohni Code Injection vulnerability in Plohni Advanced Comment System 1.0

Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/.

7.5
2010-01-18 CVE-2009-4622 Legrinder Code Injection vulnerability in Legrinder Drunken:Golem Gaming Portal 0.5.1

PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.

7.5
2010-01-18 CVE-2009-4621 Patching, Discuz SQL Injection vulnerability in Patching Jianghu INN

SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.

7.5
2010-01-18 CVE-2009-4620 Joomloc, Joomla SQL Injection vulnerability in Joomloc COM Joomloc 1.0

SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

7.5
2010-01-18 CVE-2009-4619 Lucygames, Joomla SQL Injection vulnerability in Lucygames COM Lucygames 1.5.4

SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php.

7.5
2010-01-18 CVE-2009-4618 Tourismscripts SQL Injection vulnerability in Tourismscripts BUS Script

Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.

7.5
2010-01-18 CVE-2009-4617 Tourismscripts SQL Injection vulnerability in Tourismscripts Tourism Script Accomodation Hotel Booking Portal Script

Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.

7.5
2010-01-18 CVE-2009-4615 Myrephp SQL Injection vulnerability in Myrephp Myre Holiday Rental Manager

SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.

7.5
2010-01-18 CVE-2009-4614 DAN Brown Code Injection vulnerability in DAN Brown MOA Gallery

Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/.

7.5

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0366 Bitscripts Improper Input Validation vulnerability in Bitscripts Bits Video Script 2.04/2.05

Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.8
2010-01-22 CVE-2010-0380 JCE Tech Permissions, Privileges, and Access Controls vulnerability in Jce-Tech PHP Calendars Script

install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request.

5.0
2010-01-20 CVE-2010-0362 Zeus Cryptographic Issues vulnerability in Zeus web Server

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.

5.0
2010-01-19 CVE-2009-4605 Phpmyadmin Unspecified vulnerability in PHPmyadmin

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

5.0
2010-01-18 CVE-2009-4627 DAN Brown Path Traversal vulnerability in DAN Brown MOA Gallery 1.2.0

Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2010-01-22 CVE-2010-0097 ISC Improper Input Validation vulnerability in ISC Bind

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

4.3
2010-01-21 CVE-2010-0376 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script

Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2010-01-21 CVE-2010-0374 Codingfish, Joomla Cross-Site Scripting vulnerability in Codingfish COM Marketplace 1.2

Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.

4.3
2010-01-21 CVE-2010-0371 Hitmaaan Cross-Site Scripting vulnerability in Hitmaaan Gallery 1.3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.

4.3
2010-01-21 CVE-2010-0365 Bitscripts Cross-Site Scripting vulnerability in Bitscripts Bits Video Script 2.04/2.05

Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.

4.3
2010-01-20 CVE-2010-0357 IBM Cross-Site Scripting vulnerability in IBM Lotus web Content Management

Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2010-01-18 CVE-2009-4616 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Holiday Rental Manager

Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0370 Roger Lopez, Thomas Turnbull, Drupal Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

3.5
2010-01-20 CVE-2010-0363 Zeus Cross-Site Scripting vulnerability in Zeus web Server

Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785.

2.6