Weekly Vulnerabilities Reports > May 17 to 23, 2004
Overview
4 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including E107, Liferay, and Trevor Hogan. Vulnerabilities are notably categorized as and "Cross-site Scripting".
- 4 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- E107 has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
4 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-05-22 | CVE-2004-2029 | Trevor Hogan | Denial of Service vulnerability in Trevor Hogan Bnbt 7.5Betarelease2 The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value. | 5.0 |
| 2004-05-22 | CVE-2004-2030 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 2.1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. | 4.3 |
| 2004-05-21 | CVE-2004-2031 | E107 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. | 4.3 |
| 2004-05-21 | CVE-2004-2028 | E107 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. | 4.3 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|