Weekly Vulnerabilities Reports > April 19 to 25, 2004

Overview

22 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 15 vendors including Openbb, SUN, Postnuke Software Foundation, Freshmeat, and Phpbb Group. Vulnerabilities are notably categorized as and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 19 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities are exploitable by an anonymous user.
  • Openbb has the most reported vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-25 CVE-2004-1969 Openbb The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
7.5
2004-04-25 CVE-2004-1967 Openbb Cross-Site Request Forgery vulnerability in OpenBB

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.

7.5
2004-04-23 CVE-2004-1961 Protector System Unspecified vulnerability in Protector System Protector System 1.15B1

blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27").

7.5
2004-04-23 CVE-2004-1952 Advanced Guestbook SQL Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2

SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.

7.5
2004-04-20 CVE-2004-1945 Kinesphere Corporation Remote Buffer Overflow vulnerability in Kinesphere Corporation Exchange Pop3 4.0/5.0

Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.

7.5
2004-04-19 CVE-2004-1943 Phpbb Group Remote File Include vulnerability in PHPBB album_portal.php

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

7.5
2004-04-19 CVE-2004-1942 SUN Information Disclosure vulnerability in Sun Solaris Patch

The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.

7.5
2004-04-19 CVE-2004-1938 Phorum SQL Injection vulnerability in Phorum Phorum_URIAuth

SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.

7.5

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-23 CVE-2004-1963 Freshmeat nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message.
5.0
2004-04-23 CVE-2004-1959 Protector System Unspecified vulnerability in Protector System Protector System 1.15B1

blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message.

5.0
2004-04-21 CVE-2004-1956 Postnuke Software Foundation Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.

5.0
2004-04-20 CVE-2004-1992 Solarwinds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

5.0
2004-04-19 CVE-2004-1950 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.

5.0
2004-04-19 CVE-2004-1947 Softwin Remote File Upload And Execution vulnerability in Softwin BitDefender AvxScanOnlineCtrl COM Object

The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.

5.0
2004-04-19 CVE-2004-1941 Fastream Denial Of Service vulnerability in Fastream Netfile FTP web Server 6.5.1.980

Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist.

5.0
2004-04-20 CVE-2004-1948 Ncftp Software Local Information Disclosure vulnerability in NcFTP

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

4.6
2004-04-19 CVE-2004-1946 Cherokee Local Security vulnerability in Cherokee Httpd 0.4.16

Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument.

4.6
2004-04-25 CVE-2004-1965 Openbb Input Validation vulnerability in OpenBB

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.

4.3
2004-04-23 CVE-2004-1964 Freshmeat Cross-Site Scripting vulnerability in Network Query Tool 1.0/1.6

Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter.

4.3
2004-04-21 CVE-2004-1954 Phprofession Multiple vulnerability in PHProfession 2.5

Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-04-21 CVE-2004-1957 Postnuke Software Foundation Cross-Site Scripting And Path Disclosure vulnerability in PostNuke Phoenix

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.

2.6
2004-04-23 CVE-2004-1356 SUN Local Denial Of Service vulnerability in Sun Solaris SendFileV

Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

2.1