Weekly Vulnerability Report: March 15 to 21, 2004
Overview
36 new vulnerabilities were reported during this period, including 1 critical vulnerability and 18 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 44 products from 25 vendors, including Apple, Warpspeed, Expinion NET, Linux, and Symantec. Vulnerabilities are notably categorized as .
- 32 reported vulnerabilities are remotely exploitable.
- 36 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-03-15 | CVE-2004-0168 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." | 10.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-03-20 | CVE-2004-1847 | Expinion NET | Multiple vulnerability in Expinion.net News Manager Lite News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | 7.5 |
2004-03-20 | CVE-2004-1846 | Expinion NET | Multiple vulnerability in Expinion.Net News Manager Lite 2.5 Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. | 7.5 |
2004-03-20 | CVE-2004-1843 | Expinion NET | SQL Injection vulnerability in Expinion.net Member Management System ID Parameter SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. | 7.5 |
2004-03-20 | CVE-2004-1833 | Borland Software | Privilege Escalation vulnerability in Borland Interbase Database User The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. | 7.5 |
2004-03-16 | CVE-2004-1826 | Mambo | SQL Injection vulnerability in Mambo Open Source SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2004-03-15 | CVE-2004-1821 | Warpspeed | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter. | 7.5 |
2004-03-15 | CVE-2004-1820 | Warpspeed | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | 7.5 |
2004-03-15 | CVE-2004-0193 | ISS | Heap Overflow vulnerability in Internet Security Systems Protocol Analysis Module SMB Parsing Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. | 7.5 |
2004-03-15 | CVE-2004-0190 | Symantec | Unspecified vulnerability in Symantec products Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | 7.5 |
2004-03-15 | CVE-2004-0189 | Squid | Unspecified vulnerability in Squid The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | 7.5 |
2004-03-15 | CVE-2004-0167 | Apple | Remote vulnerability in Multiple Apple Mac OS X Local And DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. | 7.5 |
2004-03-15 | CVE-2004-0159 | Samhain Labs | Remote Format String vulnerability in Samhain Labs HSFTP Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | 7.5 |
2004-03-15 | CVE-2004-0110 | SGI Xmlsoft | Remote URI Parsing Buffer Overrun vulnerability in libxml2 Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. | 7.5 |
2004-03-15 | CVE-2004-0094 | Xfree86 Project | Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | 7.5 |
2004-03-15 | CVE-2004-0093 | Xfree86 Project | Buffer Overflow vulnerability in XFree86 Direct Rendering Infrastructure XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). | 7.5 |
2004-03-15 | CVE-2004-0188 | Calife | Unspecified vulnerability in Calife 2.8.4C/2.8.5 Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. | 7.2 |
2004-03-15 | CVE-2004-0186 | Samba Linux | Local Privilege Elevation vulnerability in Linux Kernel Samba Share smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. | 7.2 |
2004-03-15 | CVE-2004-0172 | Juan Cespedes | Local Command Line Parameter Heap Overflow vulnerability in Juan Cespedes Ltrace 0.3.10 Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. | 7.2 |
16 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-03-15 | CVE-2004-1818 | Warpspeed | Multiple vulnerability in WarpSpeed 4nAlbum Module For PHPNuke Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. | 6.8 |
2004-03-15 | CVE-2004-0192 | Symantec | Cross-Site Scripting vulnerability in Symantec Gateway Security 5400 2.0 Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. | 6.8 |
2004-03-15 | CVE-2004-0191 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Browser Zombie Document Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | 6.8 |
2004-03-19 | CVE-2004-1853 | Atari | Remote Client Buffer Overflow vulnerability in Atari Terminator 3 WAR of the Machines 1.0 Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. | 5.0 |
2004-03-18 | CVE-2004-1830 | Francisco Burzi | Multiple vulnerability in Francisco Burzi PHP-Nuke 6.0 error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. | 5.0 |
2004-03-15 | CVE-2004-1819 | Warpspeed | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. | 5.0 |
2004-03-15 | CVE-2004-1816 | Macromedia SUN | Denial Of Service vulnerability in Multiple Vendor SOAP Server Undisclosed Request Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | 5.0 |
2004-03-15 | CVE-2004-1815 | Macromedia SUN | Denial Of Service vulnerability in Multiple Vendor SOAP Server Undisclosed Request Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | 5.0 |
2004-03-15 | CVE-2004-0171 | Freebsd Openbsd | Remote Denial Of Service vulnerability in BSD Out Of Sequence Packets FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | 5.0 |
2004-03-15 | CVE-2004-0169 | Apple | Remote Denial of Service vulnerability in Apple Darwin Streaming Server 4.1.3 QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. | 5.0 |
2004-03-15 | CVE-2004-0166 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." | 5.0 |
2004-03-15 | CVE-2004-0165 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. | 5.0 |
2004-03-18 | CVE-2004-1829 | Error Manager | Multiple vulnerability in Error Manager PHP-Nuke Module 2.1 Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log. | 4.3 |
2004-03-16 | CVE-2004-1825 | Mambo | Cross-Site Scripting vulnerability in Mambo Open Source 4.51.0.0/4.51.0.1 Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. | 4.3 |
2004-03-15 | CVE-2004-1822 | Phorum | Module Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. | 4.3 |
2004-03-15 | CVE-2004-1817 | Francisco Burzi | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 7.1 Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-03-15 | CVE-2004-0075 | Linux | Unspecified vulnerability in Linux Kernel The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | 2.1 |