Weekly Vulnerabilities Reports > June 14 to 20, 2004
Overview
11 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary report vulnerabilities in 14 products from 10 vendors including Microsoft, Mcafee, Symantec, SUN, and Carnegie Mellon University. Vulnerabilities are notably categorized as .
- 10 reported vulnerabilities are remotely exploitables.
- 11 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
5 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-06-14 | CVE-2004-0396 | CVS | Heap Overflow vulnerability in CVS Malformed Entry Modified and Unchanged Flag Insertion Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines. | 7.5 |
| 2004-06-14 | CVE-2004-0227 | Triornis | Remote Buffer Overflow vulnerability in Triornis ZoneMinder Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. | 7.5 |
| 2004-06-14 | CVE-2004-0038 | Mcafee | Remote Code Execution vulnerability in Mcafee Epolicy Orchestrator 2.5/2.5.1/3.0 McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | 7.5 |
| 2004-06-14 | CVE-2003-1041 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. | 7.5 |
| 2004-06-14 | CVE-2002-1580 | Carnegie Mellon University | Unspecified vulnerability in Carnegie Mellon University Cyrus Imap Server Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347. | 7.5 |
5 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-06-14 | CVE-2004-0199 | Microsoft | Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). | 5.1 |
| 2004-06-15 | CVE-2004-1754 | Symantec | Unspecified vulnerability in Symantec Enterprise Firewall and Gateway Security The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. | 5.0 |
| 2004-06-14 | CVE-2004-0392 | Kame | Unspecified vulnerability in Kame Racoon racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields. | 5.0 |
| 2004-06-14 | CVE-2004-0154 | NFS | Denial Of Service vulnerability in NFS-Utils rpc.mountd rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. | 5.0 |
| 2004-06-14 | CVE-2004-0050 | Verity | Unspecified vulnerability in Verity Ultraseek Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. | 5.0 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-06-19 | CVE-2004-1346 | SUN | Denial Of Service vulnerability in SUN Solaris 9.0 The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM. | 2.1 |