Weekly Vulnerabilities Reports > April 21 to 27, 2003
Overview
17 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 11 vendors including HP, Cafelog, Phpgb, IBM, and Siemens. Vulnerabilities are notably categorized as and "Server-Side Request Forgery (SSRF)".
- 14 reported vulnerabilities are remotely exploitable.
- 17 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 3 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-22 | CVE-2002-1482 | Phpgb | SQL Injection vulnerability in PHPgb 1.10/1.20/1.30 SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry. | 10.0 |
2003-04-22 | CVE-2002-1468 | IBM | Local Buffer Overflow vulnerability in IBM AIX 4.3.3 Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. | 10.0 |
2003-04-22 | CVE-2002-1466 | Cafelog | Remote Security vulnerability in Cafelog B2 2.06Pre4 CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | 10.0 |
2003-04-22 | CVE-2002-1484 | Siemens | Server-Side Request Forgery (SSRF) vulnerability in Siemens Db4Web 3.4/3.6 DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message. | 9.8 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-22 | CVE-2002-1481 | Phpgb | Unspecified vulnerability in PHPgb 1.10/1.20 savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | 7.5 |
2003-04-22 | CVE-2002-1469 | Scponly | Unspecified vulnerability in Scponly 2.3/2.4 scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | 7.5 |
2003-04-22 | CVE-2002-1465 | Cafelog | SQL Injection vulnerability in CafeLog b2 WebLog Tool SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable. | 7.5 |
9 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-22 | CVE-2002-1480 | Phpgb | HTML Injection vulnerability in PHPgb 1.10 Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. | 6.8 |
2003-04-22 | CVE-2002-1464 | Cafelog | Cross-Site Scripting vulnerability in Cafelog B2 2.6Pre4 Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. | 6.8 |
2003-04-22 | CVE-2002-1483 | Db4Web | Unspecified vulnerability in Db4Web 3.4/3.6 db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. | 5.0 |
2003-04-22 | CVE-2002-1475 | HP | Denial-Of-Service vulnerability in HP Tru64 4.0F/4.0G/5.0A Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. | 5.0 |
2003-04-22 | CVE-2002-1474 | HP | Denial-Of-Service vulnerability in HP Tru64 4.0F/4.0G/5.0A Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service. | 5.0 |
2003-04-22 | CVE-2002-1471 | Ximian | Unspecified vulnerability in Ximian Evolution The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. | 5.0 |
2003-04-22 | CVE-2002-1467 | Macromedia | Local File Access vulnerability in Macromedia Flash Player Arbitrary Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file). | 5.0 |
2003-04-22 | CVE-2002-1476 | Netbsd | Buffer Overflow vulnerability in NetBSD LibC SetLocale Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. | 4.6 |
2003-04-22 | CVE-2002-1473 | HP | Denial-Of-Service vulnerability in HP-Ux 10.20/11.00/11.11 Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. | 4.6 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-22 | CVE-2002-1470 | Nullsoft | Information Disclosure vulnerability in Nullsoft Shoutcast Server 1.8.9 SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file. | 2.1 |