Weekly Vulnerabilities Reports > March 8 to 14, 2004
Overview
4 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Cpanel, SUN, and Myproxy. Vulnerabilities are notably categorized as .
- 4 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- Cpanel has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Cpanel has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-03-11 | CVE-2004-1770 | Cpanel | Remote Command Execution vulnerability in cPanel Login Script The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. | 10.0 |
| 2004-03-11 | CVE-2004-1769 | Cpanel | Remote Command Execution vulnerability in cPanel Resetpass The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. | 10.0 |
0 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
2 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-03-11 | CVE-2003-1199 | Myproxy | Cross-Site Scripting vulnerability in Myproxy 20030629 Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL. | 6.8 |
| 2004-03-12 | CVE-2004-1358 | SUN | Unspecified vulnerability in SUN Solaris 9.0 The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. | 5.0 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|