Weekly Vulnerabilities Reports > January 26 to February 1, 2004
6 new vulnerabilities were reported during this period, including 0 critical and 2 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 7 products from 6 vendors, including IBM, Oracle, Crob, CVSup, WildTangent, and PJ CGI NEO Review. Vulnerabilities are notably categorized as .
- 3 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 1 reported vulnerability.
The following table lists the reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
2 High Vulnerabilities
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 2004-01-29 | CVE-2004-2034 | WildTangent | Remote filename buffer overflow in WildTangent WebDriver 4.0 | Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. |
| 2004-01-27 | CVE-2004-2131 | IBM | Stack-based buffer overflow in IBM Informix Dynamic Server ontape | Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users with DSA privileges to execute arbitrary code via a long ONCONFIG environment variable. |
4 Medium Vulnerabilities
| Date | CVE | Vendor | Title | Description |
|---|---|---|---|---|
| 2004-02-01 | CVE-2003-1207 | Crob | Denial of service vulnerability in Crob FTP Server 3.5.1 | Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string. |
| 2004-01-29 | CVE-2004-2132 | PJ CGI NEO Review | Directory traversal vulnerability in PJ CGI Neo Review | Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo Review allows remote attackers to read arbitrary files via a .. |
| 2004-01-29 | CVE-2004-2133 | CVSup | Untrusted ELF RPATH in third-party CVSup 16.1h RPM packages (cvsup16.1h2.i386.rpm, cvsup16.1h36.i586.rpm, cvsup16.1h43.i586.rpm) | Certain third-party packages for CVSup 16.1h, such as those for SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries created in world-writable directories such as /usr/src/packages. |
| 2004-01-28 | CVE-2004-2134 | Oracle | Weak password encryption in Oracle TopLink Mapping Workbench (Oracle Application Server) | Oracle TopLink Mapping Workbench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. |
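The PJ CGI Neo Review entry (CVE-2004-2132) describes the classic pattern of a CGI script opening a file named by a request parameter. The following is an added example, not the PJreview_Neo.cgi code: the vulnerable join-and-open pattern beside a hardened resolver, with the function names (open_review_unsafe, safe_path, open_review_safe, demo) and the temporary file layout all assumed here for illustration.

```python
"""Added example (not the PJ CGI Neo Review code): the traversal pattern the
advisory describes, a file read driven by a request parameter, next to a
hardened resolver. demo() builds its own files in a temp dir (constructed)."""
import os
import tempfile


def open_review_unsafe(base_dir, name):
    # Vulnerable pattern: the request parameter is joined onto the document
    # directory unchecked, so "../secret.txt" or "/etc/passwd" escapes it.
    with open(os.path.join(base_dir, name)) as f:
        return f.read()


def safe_path(base_dir, name):
    """Resolve name under base_dir; refuse anything that escapes it."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    # realpath collapses ".." and follows symlinks; commonpath avoids the
    # prefix trap where "/srv/reviews2" passes a startswith("/srv/reviews") test.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes %s: %r" % (base_dir, name))
    return target


def open_review_safe(base_dir, name):
    with open(safe_path(base_dir, name)) as f:
        return f.read()


def _attempt(func, base_dir, name):
    try:
        return func(base_dir, name)
    except PermissionError:
        return "blocked"


def demo():
    """Constructed layout: <tmp>/reviews/r1.txt is public, <tmp>/secret.txt is not."""
    root = tempfile.mkdtemp()
    reviews = os.path.join(root, "reviews")
    os.mkdir(reviews)
    with open(os.path.join(reviews, "r1.txt"), "w") as f:
        f.write("review one")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("db password")
    # A symlink planted inside the document root is the case a plain ".." filter misses.
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(reviews, "link.txt"))
    return {
        "unsafe_traversal": _attempt(open_review_unsafe, reviews, "../secret.txt"),
        "safe_normal": _attempt(open_review_safe, reviews, "r1.txt"),
        "safe_traversal": _attempt(open_review_safe, reviews, "../secret.txt"),
        "safe_nested_dotdot": _attempt(open_review_safe, reviews, "sub/../../secret.txt"),
        "safe_absolute": _attempt(open_review_safe, reviews, os.path.join(root, "secret.txt")),
        "safe_symlink": _attempt(open_review_safe, reviews, "link.txt"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-20s %s" % (case, result))
```

The check resolves both sides with realpath before comparing, so a symlink inside the document root pointing outside it is caught as well as a literal "..", and commonpath rather than a string prefix test stops a sibling directory with a shared prefix from passing.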
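The CVSup entry (CVE-2004-2133) is a packaging defect rather than a bug in the program: an RPATH baked into the executable tells the dynamic loader to look for libraries in a directory an unprivileged user can write to. The audit below is an added example, not code from the advisory or the CVSup project: a minimal ELF64 little-endian parser that extracts DT_RPATH and DT_RUNPATH entries and applies an assumed policy (only root-owned system library directories are trusted; empty, relative and $ORIGIN entries are flagged; an existing directory that is world-writable without the sticky bit is flagged too). The sample binary is fabricated in memory with an RPATH modelled on the /usr/src/packages case; it is constructed input, not a real cvsup package, and the names elf_search_paths, classify, audit and build_sample_elf are this example's own.

```python
"""Audit ELF executables for untrusted DT_RPATH / DT_RUNPATH entries.
Added example (not advisory or CVSup code): a minimal ELF64 LE parser and a
path policy; build_sample_elf() fabricates a binary as constructed input."""
import os
import stat
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_RPATH, DT_RUNPATH = 0, 1, 5, 15, 29
EHDR = "<16sHHIQQQIHHHHHH"  # ELF64 file header, little-endian
PHDR = "<IIQQQQQQ"          # ELF64 program header
DYN = "<qQ"                 # ELF64 dynamic entry: signed tag, value
TRUSTED_PREFIXES = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")  # assumed policy


def elf_search_paths(blob):
    """Return [(tag_name, path), ...] from DT_RPATH/DT_RUNPATH of an ELF64 LE image."""
    if blob[:4] != b"\x7fELF" or blob[4] != 2 or blob[5] != 1:
        raise ValueError("not an ELF64 little-endian image")
    hdr = struct.unpack_from(EHDR, blob, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    loads, dynamic = [], None
    for i in range(phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, blob, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (p_off, p_filesz)
    if dynamic is None:
        return []  # statically linked: no dynamic search paths

    def to_offset(vaddr):  # DT_STRTAB holds a virtual address, not a file offset
        for seg_vaddr, seg_off, seg_size in loads:
            if seg_vaddr <= vaddr < seg_vaddr + seg_size:
                return seg_off + (vaddr - seg_vaddr)
        raise ValueError("address %#x is not inside any PT_LOAD" % vaddr)

    entries, (dyn_off, dyn_size) = [], dynamic
    for pos in range(dyn_off, dyn_off + dyn_size, struct.calcsize(DYN)):
        tag, val = struct.unpack_from(DYN, blob, pos)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    strtab_off = to_offset(dict(entries)[DT_STRTAB])  # KeyError if no string table
    found = []
    for tag, val in entries:
        if tag in (DT_RPATH, DT_RUNPATH):
            start = strtab_off + val
            raw = blob[start:blob.index(b"\0", start)].decode()
            name = "RPATH" if tag == DT_RPATH else "RUNPATH"
            found.extend((name, p) for p in raw.split(":"))
    return found


def classify(path, trusted=TRUSTED_PREFIXES):
    """Return why a search-path entry is untrusted, or None if it looks fine."""
    if path == "":
        return "empty entry: loader searches the current directory"
    if path.startswith(("$ORIGIN", "${ORIGIN}")):
        return "$ORIGIN: resolved relative to wherever the binary is copied"
    if not path.startswith("/"):
        return "relative path: resolved against the caller's cwd"
    if not any(path == t or path.startswith(t + "/") for t in trusted):
        return "outside trusted system library directories"
    try:  # if the directory exists on this host, also reject world-writable ones
        mode = os.stat(path).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            return "world-writable directory"
    except OSError:
        pass
    return None


def audit(blob):
    """Return [(tag_name, path, reason)] for every untrusted search-path entry."""
    flagged = [(tag, p, classify(p)) for tag, p in elf_search_paths(blob)]
    return [f for f in flagged if f[2] is not None]


def build_sample_elf(rpath):
    """Constructed ELF64 executable: one PT_LOAD over the file, one PT_DYNAMIC."""
    base, phnum = 0x400000, 2
    dyn_off = struct.calcsize(EHDR) + phnum * struct.calcsize(PHDR)
    strtab = b"\0libc.so.6\0" + rpath.encode() + b"\0"
    dyn_size = 4 * struct.calcsize(DYN)
    strtab_off = dyn_off + dyn_size
    dyn = b"".join(struct.pack(DYN, t, v) for t, v in [
        (DT_STRTAB, base + strtab_off), (DT_NEEDED, 1),
        (DT_RPATH, 1 + len(b"libc.so.6\0")), (DT_NULL, 0)])
    total = strtab_off + len(strtab)
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + b"\0" * 9, 2, 0x3E, 1, base,
                       struct.calcsize(EHDR), 0, 0, struct.calcsize(EHDR),
                       struct.calcsize(PHDR), phnum, 0, 0, 0)
    phdrs = struct.pack(PHDR, PT_LOAD, 5, 0, base, base, total, total, 0x1000)
    phdrs += struct.pack(PHDR, PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                         base + dyn_off, dyn_size, dyn_size, 8)
    return ehdr + phdrs + dyn + strtab


if __name__ == "__main__":  # constructed sample: RPATH pointing into a build tree
    sample = build_sample_elf("/usr/src/packages/BUILD/cvsup/lib:/usr/lib:$ORIGIN/../lib:.")
    for tag, path, reason in audit(sample):
        print(tag, path, reason, sep="  ")
```

To run it against a real binary, read the file into a bytes object and pass it to audit(); the same parser handles DT_RUNPATH, which newer toolchains emit instead of DT_RPATH. The fix for a finding like the one in the sample is to rebuild the package without the build-tree RPATH (or strip it with a tool such as chrpath), since an RPATH into a world-writable directory lets any local user preload code into the program at startup.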
0 Low Vulnerabilities