Weekly Vulnerabilities Reports > June 16 to 22, 2003
Overview
56 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 58 products from 47 vendors including Redhat, Snowblind NET, Microsoft, Qualcomm, and Apple. Vulnerabilities are notably categorized as "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cross-site Scripting".
- 48 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 56 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Redhat has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-06-16 | CVE-2003-0374 | Nessus | Remote Security vulnerability in Nessus Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus." | 10.0 |
2003-06-16 | CVE-2003-0288 | Hiroaki Shirouzu | Buffer Overflow vulnerability in Hiroaki Shirouzu IP Messenger 2.00 Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file. | 10.0 |
2003-06-16 | CVE-2003-0280 | Youngzsoft | Buffer Overflow vulnerability in Youngzsoft Cmailserver 4.0.2003.23.27 Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | 10.0 |
2003-06-16 | CVE-2003-0248 | Redhat | Unspecified vulnerability in Redhat Linux The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. | 10.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-06-16 | CVE-2003-0270 | Apple | Unspecified vulnerability in Apple 802.11N 7.3.1 The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | 7.6 |
2003-06-17 | CVE-2003-1086 | Pmachine | Remote Security vulnerability in Pmachine Free and Pmachine PRO PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2003-06-16 | CVE-2003-0378 | Apple | Unspecified vulnerability in Apple mac OS X The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. | 7.5 |
2003-06-16 | CVE-2003-0371 | Prishtina Soft | Denial-Of-Service vulnerability in Prishtina Soft Prishtina FTP V.1 Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner. | 7.5 |
2003-06-16 | CVE-2003-0370 | Apple KDE Redhat Turbolinux | Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | 7.5 |
2003-06-16 | CVE-2003-0354 | Redhat | Unspecified vulnerability in Redhat Linux Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. | 7.5 |
2003-06-16 | CVE-2003-0344 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | 7.5 |
2003-06-16 | CVE-2003-0315 | Snowblind NET | Denial-Of-Service vulnerability in Snowblind.Net Snowblind web Server 1.0 Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow. | 7.5 |
2003-06-16 | CVE-2003-0299 | Mutt Stuart Parmenter | Denial-Of-Service vulnerability in Balsa The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
2003-06-16 | CVE-2003-0298 | Mozilla | Denial-Of-Service vulnerability in Browser The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
2003-06-16 | CVE-2003-0297 | University OF Washington | Unspecified vulnerability in University of Washington C-Client, Imap-2002B and Pine c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
2003-06-16 | CVE-2003-0296 | Ximian | Denial-Of-Service vulnerability in Ximian Evolution 1.2.4 The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
2003-06-16 | CVE-2003-0286 | Snitz Communications | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. | 7.5 |
2003-06-16 | CVE-2003-0284 | Adobe | Remote Security vulnerability in Adobe Acrobat 5.0 Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus. | 7.5 |
2003-06-16 | CVE-2002-1565 | Immunix | Denial-Of-Service vulnerability in Immunix 7 Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. | 7.5 |
2003-06-19 | CVE-2003-1067 | SUN | Local Security vulnerability in RETIRED: Oracle Solaris Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions. | 7.2 |
2003-06-16 | CVE-2003-0289 | Cdrtools | Unspecified vulnerability in Cdrtools Cdrecord 1.11/2.0 Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter. | 7.2 |
2003-06-16 | CVE-2002-1155 | Redhat | Unspecified vulnerability in Redhat Linux Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument. | 7.2 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-06-16 | CVE-2003-0310 | EZ | Cross-Site Scripting vulnerability in EZ Publish 2.2 Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script. | 6.8 |
2003-06-16 | CVE-2003-0295 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Beta2 Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. | 6.8 |
2003-06-16 | CVE-2003-0292 | Inktomi | Cross-Site Scripting vulnerability in Inktomi Traffic-Server 5.5.1 Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS. | 6.8 |
2003-06-16 | CVE-2003-0287 | SIX Apart | Unspecified vulnerability in SIX Apart Movable Type 2.63 Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. | 6.8 |
2003-06-16 | CVE-2003-0283 | Phorum | HTML Injection Variant vulnerability in Phorum Message Form Field Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. | 6.8 |
2003-06-16 | CVE-2003-0278 | Happycgi COM | Cross-Site Scripting vulnerability in Happymall E-Commerce Software Normal_HTML.CGI Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter. | 6.8 |
2003-06-16 | CVE-2003-0217 | Neoteris | Unspecified vulnerability in Neoteris Instant Virtual Extranet 3.01 Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script. | 6.8 |
2003-06-16 | CVE-2003-0314 | Snowblind NET | Denial-Of-Service vulnerability in Snowblind.Net Snowblind web Server 1.0 Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence. | 6.4 |
2003-06-16 | CVE-2003-0313 | Snowblind NET | Directory Traversal vulnerability in Snowblind.Net Snowblind web Server 1.0 Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... | 6.4 |
2003-06-16 | CVE-2003-0312 | Snowblind NET | Directory Traversal vulnerability in Snowblind.Net Snowblind web Server 1.0 Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. | 6.4 |
2003-06-16 | CVE-2003-0275 | Yabb | Remote Security vulnerability in Yabb 1.5.2 SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. | 5.1 |
2003-06-16 | CVE-2003-0376 | Qualcomm | Denial-Of-Service vulnerability in Qualcomm Eudora 5.2.1 Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . | 5.0 |
2003-06-16 | CVE-2003-0364 | Redhat | Unspecified vulnerability in Redhat Linux The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. | 5.0 |
2003-06-16 | CVE-2003-0316 | Fourelle Venturi Wireless | Remote Security vulnerability in Venturi Client Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers. | 5.0 |
2003-06-16 | CVE-2003-0302 | Qualcomm | Denial-Of-Service vulnerability in Qualcomm Eudora 5.2.1 The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. | 5.0 |
2003-06-16 | CVE-2003-0301 | Microsoft | Denial-Of-Service vulnerability in Microsoft Outlook Express 6.00.2800.1106 The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | 5.0 |
2003-06-16 | CVE-2003-0300 | Microsoft Mozilla Mutt Qualcomm Stuart Parmenter Sylpheed University OF Washington Ximian | Denial-Of-Service vulnerability in Pine The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | 5.0 |
2003-06-16 | CVE-2003-0294 | PHP Proxima | Remote Security vulnerability in PHP-Proxima 6.0 autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation. | 5.0 |
2003-06-16 | CVE-2003-0293 | Palm | Denial-Of-Service vulnerability in Palmos PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets. | 5.0 |
2003-06-16 | CVE-2003-0291 | 3Com | Information Disclosure vulnerability in 3Com 3Cp4144 1.1.7 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. | 5.0 |
2003-06-16 | CVE-2003-0290 | Etype | Denial Of Service vulnerability in Etype Eserv 2.9X Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | 5.0 |
2003-06-16 | CVE-2003-0285 | IBM | Unspecified vulnerability in IBM AIX IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | 5.0 |
2003-06-16 | CVE-2003-0277 | Happycgi | Unspecified vulnerability in Happycgi Happymall 4.3/4.4 Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. | 5.0 |
2003-06-16 | CVE-2003-0276 | PI3 | Denial Of Service vulnerability in PI3 Pi3Web 2.0.1 Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters. | 5.0 |
2003-06-16 | CVE-2003-0247 | Redhat | Unspecified vulnerability in Redhat Linux Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops"). | 5.0 |
2003-06-16 | CVE-2003-0195 | Slackware | Denial Of Service vulnerability in Slackware Linux 8.1/9.0 CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out. | 5.0 |
2003-06-16 | CVE-2003-0372 | Nessus | Numeric Errors vulnerability in Nessus Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | 4.6 |
2003-06-16 | CVE-2003-0365 | ICQ INC | Local Security vulnerability in ICQ INC Icqlite 2003A ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs. | 4.6 |
2003-06-16 | CVE-2003-0281 | Firebirdsql | Buffer Overflow vulnerability in Firebirdsql Firebird 1.0.2 Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | 4.6 |
2003-06-16 | CVE-2003-0373 | Nessus | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nessus Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function. | 4.4 |
2003-06-16 | CVE-2003-0375 | XMB Forum | Unspecified vulnerability in XMB Forum XMB 1.11/1.6/1.8 Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-06-16 | CVE-2003-0246 | Linux | Unspecified vulnerability in Linux Kernel The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. | 3.6 |
2003-06-16 | CVE-2003-0282 | Info ZIP SCO | Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . | 2.6 |
2003-06-16 | CVE-2003-0279 | Francisco Burzi | Remote SQL Injection vulnerability in PHPNuke Web_Links Module Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | 2.6 |