Weekly Vulnerabilities Reports > July 19 to 25, 2004

Overview

5 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 11 products from 5 vendors, including Phpbb Group, Esesix, Easyweb, Easyins, and Toplayer. Vulnerabilities are notably categorized as .

  • 5 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities are exploitable by an anonymous user.
  • Phpbb Group has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-07-24 | CVE-2004-2053 | Easyins | Remote File Include vulnerability in Easyins Stadtportal 4.0. PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. | 7.5 |

4 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-07-24 | CVE-2004-2051 | Esesix | Multiple vulnerability in eSeSIX Thintune Thin Client Devices. The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL. | 5.0 |
| 2004-07-23 | CVE-2004-2047 | Easyweb | Directory Traversal vulnerability in Easyweb Filemanager 1.0Rc1. Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. | 5.0 |
| 2004-07-22 | CVE-2004-1749 | Toplayer | Denial Of Service vulnerability in Toplayer Attack Mitigator 5500 3.11.008. Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests. | 5.0 |
| 2004-07-19 | CVE-2004-2055 | Phpbb Group | HTTP Response Splitting vulnerability in PHPBB. Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter. | 4.3 |

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS