Weekly Vulnerabilities Reports > February 2 to 8, 2004
Overview
33 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 47 products from 32 vendors including Microsoft, IBM, Phpgroupware, Cisco, and Apache. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls" and "Improper Input Validation".
- 27 reported vulnerabilities are remotely exploitable.
- 33 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-02-08 | CVE-2004-2087 | Sandsurfer | User Authentication vulnerability in Sandsurfer 1.6.5: Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user. | 7.5 |
2004-02-08 | CVE-2004-1244 | Microsoft | Unspecified vulnerability in Microsoft Windows Media Player 9: Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." | 7.5 |
2004-02-03 | CVE-2004-1082 | Apache Apple Avaya HP IBM Openbsd SCO SUN | mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | 7.5 |
2004-02-03 | CVE-2004-0045 | ISC | Buffer Overrun vulnerability in ISC INN 2.4.0: Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. | 7.5 |
2004-02-03 | CVE-2004-0044 | Cisco | Unspecified vulnerability in Cisco Personal Assistant 1.4(1)/1.4(2): Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. | 7.5 |
2004-02-03 | CVE-2004-0043 | Yahoo | Buffer Overrun Variant vulnerability in Yahoo! Messenger File Transfer: Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. | 7.5 |
2004-02-03 | CVE-2004-0041 | MOD Auth Shadow | Permissions, Privileges, and Access Controls vulnerability in MOD Auth Shadow MOD Auth Shadow: The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions. | 7.5 |
2004-02-03 | CVE-2004-0028 | Samba | Remote Arbitrary Command Execution vulnerability in Samba Jitterbug 1.6.2: jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. | 7.5 |
2004-02-03 | CVE-2004-0017 | Phpgroupware | Module SQL Injection vulnerability in PHPgroupware 0.9.14: Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | 7.5 |
2004-02-03 | CVE-2004-0016 | Phpgroupware | Unspecified vulnerability in PHPgroupware 0.9.14: The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | 7.5 |
2004-02-03 | CVE-2003-0902 | Minimalist | Unspecified vulnerability in Minimalist 2.2/2.4: Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands. | 7.5 |
2004-02-03 | CVE-2003-0823 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | 7.5 |
2004-02-03 | CVE-2003-0817 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | 7.5 |
2004-02-03 | CVE-2003-0816 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. | 7.5 |
2004-02-03 | CVE-2003-0815 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | 7.5 |
2004-02-03 | CVE-2003-0814 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | 7.5 |
2004-02-03 | CVE-2003-0119 | IBM | Unspecified vulnerability in IBM AIX 4.3.3/5.1/5.2: The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. | 7.5 |
2004-02-06 | CVE-2004-2073 | Vserver | Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command. | 7.2 |
2004-02-03 | CVE-2004-0015 | Vbox3 | Local Privilege Escalation vulnerability in VBox3 For ISDN4Linux: vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. | 7.2 |
2004-02-03 | CVE-2003-0994 | Symantec | Unspecified vulnerability in Symantec products: The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | 7.2 |
11 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-02-08 | CVE-2004-2077 | Nadeo | Remote Denial of Service vulnerability in Nadeo Game Engine, Trackmania and Virtual Skipper: Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. | 5.0 |
2004-02-07 | CVE-2004-2090 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer: Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | 5.0 |
2004-02-06 | CVE-2004-2089 | Matrix | Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | 5.0 |
2004-02-06 | CVE-2004-2086 | Sambar | Buffer Overflow vulnerability in Sambar Server 6.0: Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. | 5.0 |
2004-02-03 | CVE-2004-0042 | Beasts | Remote Security vulnerability in Beasts Vsftpd 1.1.3: vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. | 5.0 |
2004-02-03 | CVE-2004-0013 | Jabber Software Foundation | Denial of Service vulnerability in Jabber Server SSL Handling: jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | 5.0 |
2004-02-03 | CVE-2003-0368 | Nokia | Improper Input Validation vulnerability in Nokia Ggsn Release1: Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | 5.0 |
2004-02-03 | CVE-2003-0949 | Michael Bischoff | Local Command Execution vulnerability in Michael Bischoff Xsok 1.02: xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. | 4.6 |
2004-02-07 | CVE-2004-2084 | Jshop E Commerce | Cross-Site Scripting vulnerability in JShop E-Commerce Suite xSearch: Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter. | 4.3 |
2004-02-04 | CVE-2004-2085 | Brad Fears | HTML Injection vulnerability in Brad Fears PHPCodeCabinet comments.php: Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php. | 4.3 |
2004-02-03 | CVE-2004-0046 | Snapstream | Cross-Site Scripting vulnerability in SnapStream PVS Lite: Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-02-03 | CVE-2003-0175 | SGI | Local Denial Of Service vulnerability in SGI IRIX PIOCSWATCH: SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl. | 2.1 |
2004-02-03 | CVE-2002-0712 | Entrust | Authorization Circumvention vulnerability in Entrust Authority Security Manager 5.0/6.0: Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | 2.1 |