Weekly Vulnerabilities Reports > April 5 to 11, 2004

Overview

13 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 7 products from 7 vendors including Tiki, Lcdproc, X Micro, Microsoft, and SUN. Vulnerabilities are notably categorized as "Information Exposure", "Cross-site Scripting", "Path Traversal", and "Code Injection".

  • 13 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 13 reported vulnerabilities are exploitable by an anonymous user.
  • Tiki has the most reported vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-11 CVE-2004-1926 Tiki Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1

Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.

7.5
2004-04-10 CVE-2004-1921 X Micro Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware

X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.

7.5
2004-04-10 CVE-2004-1920 X Micro Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware

X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access.

7.5
2004-04-08 CVE-2004-1917 Lcdproc Remote vulnerability in LCDproc LCDd

Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.

7.5
2004-04-08 CVE-2004-1916 Lcdproc Remote vulnerability in LCDproc LCDd

Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.

7.5
2004-04-08 CVE-2004-1915 Lcdproc Remote vulnerability in LCDproc LCDd

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.

7.5

6 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-11 CVE-2004-1927 Tiki Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1

Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via ..

5.0
2004-04-11 CVE-2004-1923 Tiki Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1

Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.

5.0
2004-04-09 CVE-2004-1919 Crackalaka Remote Denial of Service vulnerability in Crackalaka 1.0.8

The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.

5.0
2004-04-09 CVE-2004-1918 Rsniff Remote Denial of Service vulnerability in Rsniff 1.0

RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly.

5.0
2004-04-07 CVE-2004-1357 SUN Unspecified vulnerability in SUN Solaris 9.0

The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.

5.0
2004-04-11 CVE-2004-1924 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1

Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-11 CVE-2004-1922 Microsoft Denial-Of-Service vulnerability in Internet Explorer

Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.

2.6