Weekly Vulnerabilities Reports > July 29 to August 4, 2002

Overview

4 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 4 products from 4 vendors including IBM, HP, Ncipher, and Frederic Tyndiuk. Vulnerabilities are notably categorized as .

  • 3 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-07-31 | CVE-2002-1449 | Frederic Tyndiuk | Unspecified vulnerability in Frederic Tyndiuk Eupload 1.0 | 7.5

eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt.

2002-08-01 | CVE-2002-1616 | HP | Local Privilege Escalation vulnerability in Tru64 CHSH | 7.2

Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.

2 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2002-08-01 | CVE-2002-1446 | Ncipher | Unspecified vulnerability in Ncipher Pkcs 11 Library 1.2.0 | 5.0

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

2002-07-31 | CVE-2002-1450 | IBM | Denial-Of-Service vulnerability in IBM Universe | 5.0

IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS