Weekly Vulnerabilities Reports > September 10 to 16, 2001
Overview
29 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 23 products from 20 vendors including Mozilla, Khamil Landross AND Zack Jones, Microsoft, Broadcom, and CA. Vulnerabilities are notably categorized as .
- 20 reported vulnerabilities are remotely exploitables.
- 29 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Broadcom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
17 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-15 | CVE-2001-1014 | Michael Boehme | Remote Arbitrary Command Execution vulnerability in Michael Boehme Webdiscount E Shop Online Shop System 1.0 eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | 7.5 |
2001-09-12 | CVE-2001-1112 | Khamil Landross AND Zack Jones | Buffer Overflow Code Execution and Denial of Service vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337 Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. | 7.5 |
2001-09-12 | CVE-2001-1105 | Dell Cisco | RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. | 7.5 |
2001-09-12 | CVE-2001-0999 | Microsoft | Unspecified vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | 7.5 |
2001-09-12 | CVE-2001-0958 | Trend Micro | Buffer Overflow vulnerability in Trend Micro InterScan eManager Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | 7.5 |
2001-09-11 | CVE-2001-1446 | Apple | Unspecified vulnerability in Apple mac OS X Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | 7.5 |
2001-09-11 | CVE-2001-0997 | Textor Webmasters LTD | Remote Security vulnerability in Textor Webmasters Ltd. Listrec.Pl 1.0 Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. | 7.5 |
2001-09-10 | CVE-2001-1407 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. | 7.5 |
2001-09-10 | CVE-2001-1404 | Mozilla | Remote Security vulnerability in Bugzilla Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. | 7.5 |
2001-09-10 | CVE-2001-1403 | Mozilla | Remote Security vulnerability in Bugzilla Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. | 7.5 |
2001-09-10 | CVE-2001-1402 | Mozilla | Cross-Site Scripting vulnerability in Bugzilla Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | 7.5 |
2001-09-10 | CVE-2001-1401 | Mozilla | Remote Security vulnerability in Bugzilla Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | 7.5 |
2001-09-10 | CVE-2001-1369 | Leon J Breedt | Remote SQL Query Manipulation vulnerability in Leon J Breedt Pam-Pgsql 0.5.1/0.5.2 Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. | 7.5 |
2001-09-10 | CVE-2001-1090 | Alessandro Gardich | Remote SQL Query Manipulation vulnerability in Alessandro Gardich NSS Postgresql 0.6.1 nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | 7.5 |
2001-09-10 | CVE-2001-1089 | Alessandro Gardich Joerg Wendland | Remote SQL Query Manipulation vulnerability in Joerg Wendland LibNSS-PgSQL libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | 7.5 |
2001-09-11 | CVE-2001-0956 | Speechio | Unspecified vulnerability in Speechio Speechd speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. | 7.2 |
2001-09-10 | CVE-2001-1093 | Compaq | Buffer Overflow vulnerability in Digital Unix MSGCHK Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. | 7.2 |
7 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-15 | CVE-2001-0959 | Broadcom CA | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. | 6.4 |
2001-09-14 | CVE-2001-0986 | Microsoft | File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0 SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | 5.0 |
2001-09-12 | CVE-2001-1110 | Khamil Landross AND Zack Jones | Remote Security vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337 EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | 5.0 |
2001-09-12 | CVE-2001-1013 | Redhat | Remote Username Enumeration vulnerability in Redhat Linux 7.0 Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | 5.0 |
2001-09-13 | CVE-2001-0984 | Counterpane | Buffer Recovery vulnerability in Counterpane Password Safe 1.7.1 Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. | 4.6 |
2001-09-12 | CVE-2001-1111 | Khamil Landross AND Zack Jones | Unspecified vulnerability in Khamil Landross and Zack Jones Eftp 2.0.7.337 EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. | 4.6 |
2001-09-11 | CVE-2001-1094 | Crosstec Corporation | Authentication vulnerability in Crosstec Corporation Netop School 1.5 NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. | 4.6 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-13 | CVE-2001-1136 | HP | Denial of Service vulnerability in HP Hp-Ux 11.04 The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | 2.1 |
2001-09-10 | CVE-2001-1406 | Mozilla | Local Security vulnerability in Bugzilla process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. | 2.1 |
2001-09-10 | CVE-2001-1405 | Mozilla | Denial-Of-Service vulnerability in Bugzilla Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | 2.1 |
2001-09-10 | CVE-2001-1092 | Compaq | Symbolic Link vulnerability in Digital Unix MSGCHK MH_PROFILE msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file. | 2.1 |