Weekly Vulnerabilities Reports > July 26 to August 1, 2004

Overview

3 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 11 products from 3 vendors, including Microsoft, Fusionphp, and Risearch. The vulnerabilities are categorized as "Server-Side Request Forgery (SSRF)", "Double Free", and "Cross-Site Request Forgery (CSRF)".

  • 2 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 1 reported vulnerability.
  • Risearch has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary dashboard categories (counts not preserved in this extract): Total vulnerabilities; Critical risk; High risk; Medium risk; Low risk; Remotely exploitable; Locally exploitable; Exploit available; Exploitable anonymously; Affecting web application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


1 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2004-07-27 | CVE-2004-2061 | Risearch | Server-Side Request Forgery (SSRF) vulnerability in Risearch and Risearch PRO | 9.8

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or to read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2004-07-30 | CVE-2004-1703 | Fusionphp | Cross-Site Request Forgery (CSRF) vulnerability in Fusionphp Fusion News 3.6.1 | 8.8

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

2004-07-27 | CVE-2003-1048 | Microsoft | Double Free vulnerability in Microsoft products | 7.8

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

0 Medium Vulnerabilities

None reported this period.

0 Low Vulnerabilities

None reported this period.