Weekly Vulnerabilities Reports > February 16 to 22, 2004
Overview
41 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 39 products from 31 vendors including Linux, Phpgedview, LBL, Lionmax Software, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".
- 35 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 40 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-17 | CVE-2003-0903 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Data Access Components Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. | 10.0 |
| 2004-02-17 | CVE-2003-0819 | Microsoft | Buffer Errors vulnerability in Microsoft Proxy Server 2.0 Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 10.0 |
17 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-17 | CVE-2004-0073 | Stoitsov | Remote PHP File Include vulnerability in Stoitsov Easydynamicpages 2.0 PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. | 7.5 |
| 2004-02-17 | CVE-2004-0070 | Visualshapers | Remote Command Execution vulnerability in VisualShapers EZContents Module.PHP PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2004-02-17 | CVE-2004-0069 | HD Soft | Unspecified vulnerability in HD Soft Windows FTP Server Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. | 7.5 |
| 2004-02-17 | CVE-2004-0068 | Phpdig NET | Remote Command Execution vulnerability in PHPDig Config.PHP Include PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2004-02-17 | CVE-2004-0065 | Phpgedview | SQL Injection vulnerability in PhpGedView Placelist.PHP Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. | 7.5 |
| 2004-02-17 | CVE-2004-0063 | Ncipher | Unspecified vulnerability in Ncipher Payshield SPP Library 1.3.12/1.5.18/1.6.18 The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. | 7.5 |
| 2004-02-17 | CVE-2004-0062 | Fishnet | Remote Security vulnerability in FishCart Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. | 7.5 |
| 2004-02-17 | CVE-2004-0061 | Lionmax Software | Security Bypass vulnerability in WWW File Share Pro WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . | 7.5 |
| 2004-02-17 | CVE-2004-0056 | Nortel | Unspecified vulnerability in Nortel products Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 7.5 |
| 2004-02-17 | CVE-2004-0054 | Cisco | Unspecified vulnerability in Cisco IOS Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 7.5 |
| 2004-02-17 | CVE-2004-0004 | Openca | Unspecified vulnerability in Openca The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. | 7.5 |
| 2004-02-17 | CVE-2003-1030 | Dameware Development | Buffer Overflow vulnerability in Dameware Development Mini Remote Control Server 3.70.0.0/3.71.0.0/3.72.0.0 Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. | 7.5 |
| 2004-02-17 | CVE-2003-0989 | Redhat | Denial Of Service vulnerability in Redhat Linux and Tcpdump tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. | 7.5 |
| 2004-02-17 | CVE-2003-0988 | KDE | Remote Buffer Overflow vulnerability in KDE Personal Information Management Suite VCF File Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | 7.5 |
| 2004-02-17 | CVE-2003-0966 | ELM Development Group | Remote Buffer Overflow vulnerability in ELM frm Command Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line. | 7.5 |
| 2004-02-17 | CVE-2003-0700 | Redhat | Remote Security vulnerability in Kernel 2.4.208/2.4.21 The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699. | 7.5 |
| 2004-02-17 | CVE-2004-0001 | Linux | Unspecified vulnerability in Linux Kernel 2.6.20.1 Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | 7.2 |
18 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-17 | CVE-2004-0049 | Realnetworks | Unspecified vulnerability in Realnetworks products Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port. | 6.8 |
| 2004-02-17 | CVE-2003-0965 | GNU | Cross-Site Scripting vulnerability in GNU Mailman Admin Page Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | 6.8 |
| 2004-02-21 | CVE-2004-0466 | Openconnect | Unspecified vulnerability in Openconnect Webconnect 6.4.4/6.5 WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | 5.0 |
| 2004-02-17 | CVE-2004-0095 | Mcafee | Buffer Mismanagement vulnerability in Mcafee Epolicy Orchestrator 3.6.0 McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | 5.0 |
| 2004-02-17 | CVE-2004-0072 | Accipiter | Remote File Disclosure vulnerability in Accipiter Direct Server 6.0 Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. | 5.0 |
| 2004-02-17 | CVE-2004-0071 | Information Disclosure vulnerability in Andy's PHP Projects Man Page Lookup Script Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. | 5.0 | |
| 2004-02-17 | CVE-2004-0066 | Phpgedview | Remote Security vulnerability in PhpGedView phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. | 5.0 |
| 2004-02-17 | CVE-2004-0060 | Lionmax Software | Denial-Of-Service vulnerability in WWW File Share Pro WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. | 5.0 |
| 2004-02-17 | CVE-2004-0059 | Lionmax Software | Directory Traversal vulnerability in WWW File Share Pro Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. | 5.0 |
| 2004-02-17 | CVE-2004-0057 | LBL | Remote Buffer Overflow vulnerability in TCPDump ISAKMP Decoding Routines The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. | 5.0 |
| 2004-02-17 | CVE-2004-0055 | LBL | Denial Of Service vulnerability in TCPDump Malformed RADIUS Packet The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. | 5.0 |
| 2004-02-17 | CVE-2003-1032 | PI3 | Buffer Overflow vulnerability in PI3 Pi3Web 2.0.2Beta1 Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. | 5.0 |
| 2004-02-17 | CVE-2003-1029 | LBL | Unspecified vulnerability in LBL Tcpdump The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. | 5.0 |
| 2004-02-16 | CVE-2004-1180 | SUN Debian Mandrakesoft | Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). | 5.0 |
| 2004-02-17 | CVE-2004-0074 | Michael Bischoff | Local Buffer Overrun vulnerability in Michael Bischoff Xsok 1.02 Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949. | 4.6 |
| 2004-02-17 | CVE-2004-0067 | Phpgedview | Cross-Site Scripting vulnerability in PHPgedview Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. | 4.3 |
| 2004-02-17 | CVE-2003-1031 | Jelsoft | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." | 4.3 |
| 2004-02-17 | CVE-2003-0992 | GNU | Unspecified vulnerability in GNU Mailman Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | 4.3 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-02-17 | CVE-2003-0924 | Netpbm | Unspecified vulnerability in Netpbm netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | 3.7 |
| 2004-02-19 | CVE-2004-2136 | Linux | Local Security vulnerability in Linux Kernel 2.6.0 dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | 2.1 |
| 2004-02-17 | CVE-2004-0064 | Suse | Local Insecure File Creation Symlink vulnerability in Suse Linux 9.0 The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. | 2.1 |
| 2004-02-17 | CVE-2004-0058 | Linux | Local Security vulnerability in AntiVir Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | 2.1 |