Weekly Vulnerabilities Reports > April 19 to 25, 2004
Overview
22 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 15 vendors including Openbb, SUN, Postnuke Software Foundation, Freshmeat, and Phpbb Group. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-Site Request Forgery (CSRF)".
- 19 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities are exploitable by an anonymous user.
- Openbb has the most reported vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
8 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-04-25 | CVE-2004-1967 | Openbb | Cross-Site Request Forgery (CSRF) vulnerability in Openbb 1.0.6 Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | 8.8 |
| 2004-04-25 | CVE-2004-1969 | Openbb | The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | 7.5 |
| 2004-04-23 | CVE-2004-1961 | Protector System | Unspecified vulnerability in Protector System Protector System 1.15B1 blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). | 7.5 |
| 2004-04-23 | CVE-2004-1952 | Advanced Guestbook | SQL Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2 SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. | 7.5 |
| 2004-04-20 | CVE-2004-1945 | Kinesphere Corporation | Remote Buffer Overflow vulnerability in Kinesphere Corporation Exchange Pop3 4.0/5.0 Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field. | 7.5 |
| 2004-04-19 | CVE-2004-1943 | Phpbb Group | Remote File Include vulnerability in PHPBB album_portal.php PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | 7.5 |
| 2004-04-19 | CVE-2004-1942 | SUN | Information Disclosure vulnerability in Sun Solaris Patch The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | 7.5 |
| 2004-04-19 | CVE-2004-1938 | Phorum | SQL Injection vulnerability in Phorum Phorum_URIAuth SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | 7.5 |
12 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-04-23 | CVE-2004-1963 | Freshmeat | nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | 5.0 |
| 2004-04-23 | CVE-2004-1959 | Protector System | Unspecified vulnerability in Protector System Protector System 1.15B1 blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | 5.0 |
| 2004-04-21 | CVE-2004-1956 | Postnuke Software Foundation | Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726 PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | 5.0 |
| 2004-04-20 | CVE-2004-1992 | Solarwinds | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. | 5.0 |
| 2004-04-19 | CVE-2004-1950 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | 5.0 |
| 2004-04-19 | CVE-2004-1947 | Softwin | Remote File Upload And Execution vulnerability in Softwin BitDefender AvxScanOnlineCtrl COM Object The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. | 5.0 |
| 2004-04-19 | CVE-2004-1941 | Fastream | Denial Of Service vulnerability in Fastream Netfile FTP web Server 6.5.1.980 Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | 5.0 |
| 2004-04-20 | CVE-2004-1948 | Ncftp Software | Local Information Disclosure vulnerability in NcFTP NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | 4.6 |
| 2004-04-19 | CVE-2004-1946 | Cherokee | Local Security vulnerability in Cherokee Httpd 0.4.16 Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. | 4.6 |
| 2004-04-25 | CVE-2004-1965 | Openbb | Input Validation vulnerability in OpenBB Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. | 4.3 |
| 2004-04-23 | CVE-2004-1964 | Freshmeat | Cross-Site Scripting vulnerability in Network Query Tool 1.0/1.6 Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. | 4.3 |
| 2004-04-21 | CVE-2004-1954 | Phprofession | Multiple vulnerability in PHProfession 2.5 Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. | 4.3 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-04-21 | CVE-2004-1957 | Postnuke Software Foundation | Cross-Site Scripting And Path Disclosure vulnerability in PostNuke Phoenix Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php. | 2.6 |
| 2004-04-23 | CVE-2004-1356 | SUN | Local Denial Of Service vulnerability in Sun Solaris SendFileV Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. | 2.1 |