Weekly Vulnerabilities Reports > May 24 to 30, 2004
Overview
10 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 7 products from 7 vendors including E107, Linux, Netgear, Neocrome, and Jportal. Vulnerabilities are notably categorized as .
- 9 reported vulnerabilities are remotely exploitables.
- 10 reported vulnerabilities are exploitable by an anonymous user.
- E107 has the most reported vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-05-29 | CVE-2004-2042 | E107 | Multiple vulnerability in E107 0.615/0.615A Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | 7.5 |
2004-05-29 | CVE-2004-2041 | E107 | Multiple vulnerability in e107 Website System PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2004-05-28 | CVE-2004-2036 | Jportal | SQL Injection vulnerability in Jportal web Portal 2.2.1 SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. | 7.5 |
2004-05-24 | CVE-2004-2032 | Netgear | Unspecified vulnerability in Netgear Rp114 3.26 Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. | 7.5 |
5 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-05-29 | CVE-2004-2039 | E107 | Multiple vulnerability in E107 0.615/0.615A e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. | 5.0 |
2004-05-26 | CVE-2004-2035 | Minishare | Remote Denial Of Service vulnerability in Minishare Minimal Http Server 1.3.2 MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences. | 5.0 |
2004-05-26 | CVE-2004-2033 | Orenosv | Denial Of Service vulnerability in Orenosv Http FTP Server 0.5.9C/0.5.9E/0.5.9F Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | 5.0 |
2004-05-29 | CVE-2004-2040 | E107 | Multiple vulnerability in E107 0.615/0.615A Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | 4.3 |
2004-05-29 | CVE-2004-2038 | Neocrome | HTML Injection vulnerability in Land Down Under BBCode Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-05-26 | CVE-2004-2135 | Linux | Information Disclosure vulnerability in Linux Kernel Cryptoloop cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | 2.1 |