Weekly Vulnerabilities Reports > January 26 to February 1, 2004

Overview

6 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 6 vendors including IBM, Oracle, Crob, Cvsup, and PJ CGI NEO Review. Vulnerabilities are notably categorized as .

  • 3 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 1 reported vulnerability.

Summary counters: total vulnerabilities; critical risk vulnerabilities; high risk vulnerabilities; medium risk vulnerabilities; low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-01-29 CVE-2004-2034 Wildtangent Remote Filename Buffer Overflow vulnerability in Wildtangent Webdriver 4.0

Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.

7.5
2004-01-27 CVE-2004-2131 IBM Multiple vulnerabilities in IBM products

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

7.2

4 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-02-01 CVE-2003-1207 Crob Denial Of Service vulnerability in Crob FTP Server 3.5.1

Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.

5.0
2004-01-29 CVE-2004-2132 PJ CGI NEO Review Directory Traversal vulnerability in PJ CGI Neo Review

Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a ..

5.0
2004-01-29 CVE-2004-2133 Cvsup Unspecified vulnerability in Cvsup Cvsup16.1H2.I386.Rpm/Cvsup16.1H36.I586.Rpm/Cvsup16.1H43.I586.Rpm

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.

4.6
2004-01-28 CVE-2004-2134 Oracle Unspecified vulnerability in Oracle Application Server

Oracle TopLink Mapping Workbench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS