Weekly Vulnerabilities Reports > January 18 to 24, 2010

Overview

65 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 56 products from 39 vendors including Microsoft, Joomla, Adobe, ISC, and Phpmyadmin. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".

  • 62 reported vulnerabilities are remotely exploitables.
  • 21 reported vulnerabilities have public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 64 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0138 Cisco
Microsoft
Buffer Errors vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.4/2.5

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

10.0
2010-01-20 CVE-2009-4000 HP Path Traversal vulnerability in HP Power Manager

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

10.0
2010-01-20 CVE-2009-3999 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Power Manager 4.2.5/4.2.6

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

10.0
2010-01-20 CVE-2010-0361 SUN Buffer Errors vulnerability in SUN Java System web Server 7.0

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.

10.0
2010-01-20 CVE-2010-0360 SUN Improper Input Validation vulnerability in SUN Java System web Server 7.0

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

10.0
2010-01-20 CVE-2010-0359 Zeus Buffer Errors vulnerability in Zeus web Server 4.3R5

Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

10.0
2010-01-20 CVE-2010-0358 IBM Buffer Errors vulnerability in IBM Lotus Domino 7.0/8.5.0.1

Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.

10.0
2010-01-19 CVE-2009-4012 Linux Thai Numeric Errors vulnerability in Linux.Thai Libthai

Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c.

10.0
2010-01-19 CVE-2009-3739 Rockwellautomation Unspecified vulnerability in Rockwellautomation products

Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors.

10.0
2010-01-19 CVE-2008-7252 Phpmyadmin Cryptographic Issues vulnerability in PHPmyadmin

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

10.0
2010-01-19 CVE-2008-7251 Phpmyadmin Permissions, Privileges, and Access Controls vulnerability in PHPmyadmin

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

10.0
2010-01-22 CVE-2010-0248 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

9.3
2010-01-22 CVE-2010-0247 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-01-22 CVE-2010-0246 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8/8.0.6001

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.

9.3
2010-01-22 CVE-2010-0245 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8/8.0.6001

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.

9.3
2010-01-22 CVE-2010-0244 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.

9.3
2010-01-22 CVE-2010-0027 Microsoft Code Injection vulnerability in Microsoft products

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."

9.3
2010-01-21 CVE-2010-0379 Adobe
Microsoft
Remote Security vulnerability in Windows XP Professional x64 Edition

Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378).

9.3
2010-01-21 CVE-2010-0378 Adobe
Microsoft
Remote Security vulnerability in Windows XP Professional x64 Edition

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." Per: http://cwe.mitre.org/data/definitions/416.html CWE-416 Use-After Free Vulnerability Per: http://www.microsoft.com/technet/security/advisory/979267.mspx " Suggested Actions Perform one or both of the following steps: • Uninstall the Adobe Flash Player version 6. • Install the most current version of Flash Player available from Adobe."

9.3
2010-01-21 CVE-2010-0364 Videolan Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6

Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.

9.3
2010-01-21 CVE-2009-4003 Adobe Numeric Errors vulnerability in Adobe Shockwave Player

Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.

9.3
2010-01-21 CVE-2009-4002 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

9.3
2010-01-20 CVE-2010-0037 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.

9.3
2010-01-20 CVE-2010-0036 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.

9.3
2010-01-18 CVE-2010-0356 Viscomsoft Buffer Errors vulnerability in Viscomsoft Movie Player PRO SDK Activex 6.8

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0137 Cisco Remote Denial of Service vulnerability in Cisco IOS XR SSH Protocol Implementation

Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.

7.8
2010-01-22 CVE-2010-0382 ISC Unspecified vulnerability in ISC Bind

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819.

7.6
2010-01-22 CVE-2010-0381 Phpmyspace SQL Injection vulnerability in PHPmyspace 8.0/8.10

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action.

7.5
2010-01-22 CVE-2010-0230 Suse Permissions, Privileges, and Access Controls vulnerability in Suse Opensuse and Suse Linux

SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.

7.5
2010-01-21 CVE-2010-0377 Phpmyspace SQL Injection vulnerability in PHPmyspace 8.0/8.10

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action.

7.5
2010-01-21 CVE-2010-0375 JCE Tech SQL Injection vulnerability in Jce-Tech PHP Calendars Script

SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2010-01-21 CVE-2010-0373 Joomla SQL Injection vulnerability in Joomla COM Libros

SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

7.5
2010-01-21 CVE-2010-0372 Hong Chuyen
Joomla
SQL Injection vulnerability in Hong Chuyen COM Articlemanager

SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.

7.5
2010-01-21 CVE-2010-0367 Bitscripts Code Injection vulnerability in Bitscripts Bits Video Script 2.04/2.05

Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.

7.5
2010-01-18 CVE-2009-4628 Templateplaza
Joomla
SQL Injection vulnerability in Templateplaza COM Tpdugg 1.1

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

7.5
2010-01-18 CVE-2009-4626 Phpnagios Path Traversal vulnerability in PHPnagios 1.2.0

Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.

7.5
2010-01-18 CVE-2009-4625 Tamlyncreative
Joomla
SQL Injection vulnerability in Tamlyncreative COM Bfsurvey Profree 1.2.4

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

7.5
2010-01-18 CVE-2009-4624 Nicecoder SQL Injection vulnerability in Nicecoder Idesk

SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.

7.5
2010-01-18 CVE-2009-4623 Plohni Code Injection vulnerability in Plohni Advanced Comment System 1.0

Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/.

7.5
2010-01-18 CVE-2009-4622 Legrinder Code Injection vulnerability in Legrinder Drunken:Golem Gaming Portal 0.5.1

PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.

7.5
2010-01-18 CVE-2009-4621 Patching
Discuz
SQL Injection vulnerability in Patching Jianghu INN

SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.

7.5
2010-01-18 CVE-2009-4620 Joomloc
Joomla
SQL Injection vulnerability in Joomloc COM Joomloc 1.0

SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

7.5
2010-01-18 CVE-2009-4619 Lucygames
Joomla
SQL Injection vulnerability in Lucygames COM Lucygames 1.5.4

SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php.

7.5
2010-01-18 CVE-2009-4618 Tourismscripts SQL Injection vulnerability in Tourismscripts BUS Script

Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.

7.5
2010-01-18 CVE-2009-4617 Tourismscripts SQL Injection vulnerability in Tourismscripts Tourism Script Accomodation Hotel Booking Portal Script

Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.

7.5
2010-01-18 CVE-2009-4615 Myrephp SQL Injection vulnerability in Myrephp Myre Holiday Rental Manager

SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.

7.5
2010-01-18 CVE-2009-4614 DAN Brown Code Injection vulnerability in DAN Brown MOA Gallery

Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the MOA_PATH parameter to (1) _error_funcs.php, (2) _integrity_funcs.php, (3) _template_component_admin.php, (4) _template_component_gallery.php, (5) _template_parser.php, (6) mod_gallery_funcs.php, (7) mod_image_funcs.php, (8) mod_tag_funcs.php, (9) mod_tag_view.php, (10) mod_upgrade_funcs.php, (11) mod_user_funcs.php, (12) page_admin.php, (13) page_gallery_add.php, (14) page_gallery_view.php, (15) page_image_add.php, (16) page_image_view_full.php, (17) page_login.php, and (18) page_sitemap.php in sources/.

7.5
2010-01-21 CVE-2010-0232 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."

7.2
2010-01-19 CVE-2009-4141 Linux Resource Management Errors vulnerability in Linux Kernel

Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file.

7.2

13 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0366 Bitscripts Improper Input Validation vulnerability in Bitscripts Bits Video Script 2.04/2.05

Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

6.8
2010-01-22 CVE-2010-0380 JCE Tech Permissions, Privileges, and Access Controls vulnerability in Jce-Tech PHP Calendars Script

install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request.

5.0
2010-01-20 CVE-2010-0362 Zeus Cryptographic Issues vulnerability in Zeus web Server

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.

5.0
2010-01-19 CVE-2009-4605 Phpmyadmin Unspecified vulnerability in PHPmyadmin

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

5.0
2010-01-18 CVE-2009-4627 DAN Brown Path Traversal vulnerability in DAN Brown MOA Gallery 1.2.0

Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2010-01-22 CVE-2010-0097 ISC Improper Input Validation vulnerability in ISC Bind

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

4.3
2010-01-21 CVE-2010-0376 JCE Tech Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script

Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2010-01-21 CVE-2010-0374 Codingfish
Joomla
Cross-Site Scripting vulnerability in Codingfish COM Marketplace 1.2

Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.

4.3
2010-01-21 CVE-2010-0371 Hitmaaan Cross-Site Scripting vulnerability in Hitmaaan Gallery 1.3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.

4.3
2010-01-21 CVE-2010-0365 Bitscripts Cross-Site Scripting vulnerability in Bitscripts Bits Video Script 2.04/2.05

Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.

4.3
2010-01-20 CVE-2010-0357 IBM Cross-Site Scripting vulnerability in IBM Lotus web Content Management

Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2010-01-18 CVE-2009-4616 Myrephp Cross-Site Scripting vulnerability in Myrephp Myre Holiday Rental Manager

Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.

4.3
2010-01-22 CVE-2010-0290 ISC Unspecified vulnerability in ISC Bind

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-01-21 CVE-2010-0370 Roger Lopez
Thomas Turnbull
Drupal
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

3.5
2010-01-20 CVE-2010-0363 Zeus Cross-Site Scripting vulnerability in Zeus web Server

Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785.

2.6
2010-01-19 CVE-2010-0007 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.

2.1