Weekly Vulnerabilities Reports > February 9 to 15, 2004
Overview
9 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 7 products from 7 vendors including RED M, Microsoft, GNU, Karjasoft, and Sophos. Vulnerabilities are notably categorized as .
- 8 reported vulnerabilities are remotely exploitables.
- 9 reported vulnerabilities are exploitable by an anonymous user.
- RED M has the most reported vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-11 | CVE-2003-1214 | Visualshapers | Security Bypass vulnerability in ezContents Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions. | 7.5 |
| 2004-02-09 | CVE-2004-2079 | RED M | Remote vulnerability in Red-M Red-Alert 2.7.5V3.1Build24 Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. | 7.5 |
6 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-13 | CVE-2004-2082 | Karjasoft | Denial Of Service vulnerability in Karjasoft Sami FTP Server 1.1.3 The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. | 5.0 |
| 2004-02-12 | CVE-2004-2088 | Sophos | Unspecified vulnerability in Sophos Anti-Virus 3.4.6/3.78 Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. | 5.0 |
| 2004-02-10 | CVE-2004-2091 | Microsoft | Unspecified vulnerability in Microsoft Baseline Security Analyzer 1.2 Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | 5.0 |
| 2004-02-09 | CVE-2004-2080 | RED M | Remote vulnerability in Red-M Red-Alert 2.7.5V3.1Build24 Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID. | 5.0 |
| 2004-02-09 | CVE-2004-2078 | RED M | Remote vulnerability in Red-M Red-Alert 2.7.5V3.1Build24 Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. | 5.0 |
| 2004-02-09 | CVE-2004-2093 | GNU | Denial-Of-Service vulnerability in rsync Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. | 4.6 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-11 | CVE-2004-2083 | Opera | Unspecified vulnerability in Opera Browser Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing." | 2.6 |