Weekly Vulnerabilities Reports > April 5 to 11, 2004
Overview
13 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 7 products from 7 vendors including Tiki, Lcdproc, X Micro, Microsoft, and SUN. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "Path Traversal", and "Code Injection".
- 13 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 13 reported vulnerabilities are exploitable by an anonymous user.
- Tiki has the most reported vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-04-11 | CVE-2004-1926 | Tiki | Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | 7.5 |
2004-04-10 | CVE-2004-1921 | X Micro | Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | 7.5 |
2004-04-10 | CVE-2004-1920 | X Micro | Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. | 7.5 |
2004-04-08 | CVE-2004-1917 | Lcdproc | Remote vulnerability in LCDproc LCDd Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. | 7.5 |
2004-04-08 | CVE-2004-1916 | Lcdproc | Remote vulnerability in LCDproc LCDd Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function. | 7.5 |
2004-04-08 | CVE-2004-1915 | Lcdproc | Remote vulnerability in LCDproc LCDd Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. | 7.5 |
6 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-04-11 | CVE-2004-1927 | Tiki | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. | 5.0 |
2004-04-11 | CVE-2004-1923 | Tiki | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | 5.0 |
2004-04-09 | CVE-2004-1919 | Crackalaka | Remote Denial of Service vulnerability in Crackalaka 1.0.8 The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | 5.0 |
2004-04-09 | CVE-2004-1918 | Rsniff | Remote Denial of Service vulnerability in Rsniff 1.0 RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly. | 5.0 |
2004-04-07 | CVE-2004-1357 | SUN | Unspecified vulnerability in SUN Solaris 9.0 The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | 5.0 |
2004-04-11 | CVE-2004-1924 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-04-11 | CVE-2004-1922 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. | 2.6 |