Weekly Vulnerabilities Reports > July 30 to August 5, 2001
Overview
2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 2 products from 2 vendors including Phpbb, and Infodrom. Vulnerabilities are notably categorized as "Off-by-one Error", and "Improper Initialization".
- 2 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Phpbb has the most reported vulnerabilities, with 1 reported vulnerabilities.
- Infodrom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-08-02 | CVE-2001-0609 | Infodrom | Off-by-one Error vulnerability in Infodrom Cfingerd Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | 9.8 |
1 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2001-07-31 | CVE-2001-1471 | Phpbb | Improper Initialization vulnerability in PHPbb 1.4.0 prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | 8.8 |
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|