Weekly Vulnerabilities Reports > August 2 to 8, 2004

Overview

123 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 198 products from 90 vendors, including Gentoo, Microsoft, Oracle, SGI, and IBM. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Integer Overflow or Wraparound", "Information Exposure", "Cross-site Scripting", and "Path Traversal".

  • 89 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 121 reported vulnerabilities are exploitable by an anonymous user.
  • Gentoo has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Gentoo has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-06 CVE-2004-0716 HP Remote Security vulnerability in HP Hp-Ux 11

Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.

10.0
2004-08-06 CVE-2004-0680 Zoom Unspecified vulnerability in Zoom Model 5560 X3 Ethernet Adsl Modem

Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.

10.0
2004-08-06 CVE-2004-0676 Fastream Directory Traversal vulnerability in Fastream Netfile FTP web Server 6.5.1.980/6.5.1.981/6.7.2.1085

Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via ..

10.0
2004-08-06 CVE-2004-0659 Mplayer Buffer Overflow vulnerability in MPlayer GUI File Name

Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.

10.0
2004-08-06 CVE-2004-0650 Newatlanta Unspecified vulnerability in Newatlanta Servletexec 2.2/3.0

UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.

10.0
2004-08-06 CVE-2004-0649 L2Tpd
Gentoo
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
10.0
2004-08-06 CVE-2004-0648 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

10.0
2004-08-06 CVE-2004-0645 Abisource
Wvware
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
10.0
2004-08-06 CVE-2004-0640 Netkit
Ssltelnetd
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
10.0
2004-08-06 CVE-2004-0586 IBM Unspecified vulnerability in IBM Acprunner 1.2.5.0

acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods.

10.0
2004-08-06 CVE-2004-0557 SOX
Conectiva
Gentoo
Redhat
Buffer Overflow vulnerability in SoX WAV File

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

10.0
2004-08-06 CVE-2004-0549 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

10.0
2004-08-06 CVE-2004-0543 Oracle SQL Injection vulnerability in Oracle Applications and E-Business Suite

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.

10.0
2004-08-06 CVE-2004-0542 PHP Remote Security vulnerability in PHP 4.4.6

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.

10.0
2004-08-06 CVE-2004-0541 National Science Foundation Buffer Overflow vulnerability in Squid Proxy NTLM Authentication

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

10.0
2004-08-06 CVE-2004-0540 Microsoft Remote Security vulnerability in Microsoft Windows 2000 Server

Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.

10.0
2004-08-06 CVE-2004-0539 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.

10.0
2004-08-06 CVE-2004-0524 Thiago Melo DE Paula Buffer Overrun vulnerability in SquirrelMail Change_Passwd Plug-in

Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.

10.0
2004-08-06 CVE-2004-0522 Gallery Project
Debian
Authentication Bypass vulnerability in Gallery Project and Debian

Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.

10.0
2004-08-06 CVE-2004-0492 Apache
IBM
HP
SGI
Openbsd
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10.0
2004-08-06 CVE-2004-0461 Infoblox
ISC
Suse
Mandrakesoft
Redhat
Buffer Overflow vulnerability in ISC DHCPD VSPRINTF

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

10.0
2004-08-06 CVE-2004-0460 Infoblox
ISC
Suse
Mandrakesoft
Redhat
Buffer Overflow vulnerability in ISC DHCPD Hostname Options Logging

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

10.0
2004-08-06 CVE-2004-0450 Log2Mail Unspecified vulnerability in Log2Mail

Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.

10.0
2004-08-06 CVE-2004-0418 CVS
Openpkg
SGI
Gentoo
Openbsd
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
10.0
2004-08-06 CVE-2004-0416 CVS
Openpkg
SGI
Gentoo
Openbsd
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

10.0
2004-08-06 CVE-2004-0414 CVS
Openpkg
SGI
Gentoo
Openbsd
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
10.0
2004-08-06 CVE-2004-0413 Openpkg
Subversion
Remote Integer Overflow vulnerability in Subversion SVN Protocol Parser

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

10.0
2004-08-06 CVE-2004-0212 Avaya
Microsoft
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
10.0
2004-08-06 CVE-2004-0201 Avaya
Microsoft
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
10.0
2004-08-04 CVE-2004-1371 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

9.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-04 CVE-2004-1364 Oracle Path Traversal vulnerability in Oracle products

Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

8.5
2004-08-04 CVE-2004-1368 Oracle Multiple Unspecified vulnerability in Oracle

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

7.8
2004-08-06 CVE-2004-1710 Andrew Kilpatrick Remote Security vulnerability in Page Cgi

page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.

7.5
2004-08-06 CVE-2004-0682 Comersus Open Technologies Multiple vulnerability in Comersus Open Technologies Comersus Cart 5.0.9

comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.

7.5
2004-08-06 CVE-2004-0669 IBM Unspecified vulnerability in IBM Lotus Domino 6.5.0/6.5.1

Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.

7.5
2004-08-06 CVE-2004-0666 Popclient Buffer Overflow vulnerability in Popclient 3.0B6

Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow.

7.5
2004-08-06 CVE-2004-0550 Realnetworks Remote Security vulnerability in Realnetworks Realplayer 10.0

Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.

7.5
2004-08-06 CVE-2004-0538 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.

7.5
2004-08-06 CVE-2004-0204 BEA
Borland Software
Businessobjects
Microsoft
Directory Traversal vulnerability in Business Objects Crystal Reports Web Form Viewer

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

7.5
2004-08-05 CVE-2004-0641 Thomson Unspecified vulnerability in Thomson Speedtouch 510Adslrouter

Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

7.5
2004-08-04 CVE-2004-1370 Oracle Multiple Unspecified vulnerability in Oracle

Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

7.5
2004-08-04 CVE-2004-1362 Oracle Multiple Unspecified vulnerability in Oracle

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

7.5
2004-08-02 CVE-2004-1706 U S Robotics Denial Of Service vulnerability in U.S.Robotics Usr808054 1.21H

The U.S.

7.5
2004-08-06 CVE-2004-0667 Rsbac
Gentoo
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
7.2
2004-08-06 CVE-2004-0658 Linux Unspecified vulnerability in Linux Kernel

Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.

7.2
2004-08-06 CVE-2004-0655 Esearch Symbolic Link vulnerability in Esearch eupdatedb

eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file.

7.2
2004-08-06 CVE-2004-0652 BEA Local Password Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allow attackers to obtain the username and password for booting the server by directly accessing certain internal methods.

7.2
2004-08-06 CVE-2004-0579 William Deich
Debian
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
7.2
2004-08-06 CVE-2004-0548 GNU
Gentoo
Stack Buffer Overflow vulnerability in GNU Aspell

Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

7.2
2004-08-06 CVE-2004-0545 IBM LVM Utilities Symbolic Link vulnerability in IBM AIX 5.1/5.2

LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.

7.2
2004-08-06 CVE-2004-0544 IBM Buffer Overflow vulnerability in IBM AIX 4.3.3/5.1/5.2

Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

7.2
2004-08-06 CVE-2004-0536 Tripwire Unspecified vulnerability in Tripwire

Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.

7.2
2004-08-06 CVE-2004-0530 Slackware The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.
7.2
2004-08-06 CVE-2004-0529 Cluecentral Unspecified vulnerability in Cluecentral Suexec.Patch

The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.

7.2
2004-08-06 CVE-2004-0495 Avaya
Gentoo
Linux
Redhat
Suse
Conectiva
Device Driver vulnerability in Linux Kernel

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.

7.2
2004-08-06 CVE-2004-0453 Vice Unspecified vulnerability in Vice 1.13/1.14/1.6

Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.

7.2
2004-08-06 CVE-2004-0447 Linux Local Denial of Service vulnerability in Linux Kernel

Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact.

7.2
2004-08-06 CVE-2004-0213 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.

7.2
2004-08-06 CVE-2004-0210 Avaya
Microsoft
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
7.2
2004-08-06 CVE-2004-0205 Avaya
Microsoft
Remote Buffer Overflow vulnerability in Microsoft IIS 4 Redirect

Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.

7.2
2004-08-06 CVE-2004-0135 SGI Unspecified vulnerability in SGI Irix

The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory.

7.2
2004-08-06 CVE-2004-0125 Freebsd Unspecified vulnerability in Freebsd

The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.

7.2
2004-08-04 CVE-2004-1363 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

7.2

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-06 CVE-2004-0681 Comersus Open Technologies Multiple vulnerability in Comersus Open Technologies Comersus Cart 5.09

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.

6.8
2004-08-06 CVE-2004-0675 Mcmurtrey Whitaker AND Associates Cross-Site Scripting vulnerability in McMurtrey/Whitaker & Associates Cart32 GetLatestBuilds Script

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.

6.8
2004-08-06 CVE-2004-0673 Simm Comm Cross-Site Scripting vulnerability in Simm-Comm SCI Photo Chat 3.4.9

Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.

6.8
2004-08-06 CVE-2004-0672 Netegrity Cross-Site Scripting vulnerability in Netegrity IdentityMinder

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.

6.8
2004-08-06 CVE-2004-0663 Powerportal Cross-Site Scripting vulnerability in Powerportal 1.1B/1.3/1.3B

Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module.

6.8
2004-08-06 CVE-2004-0660 Cutephp Unspecified vulnerability in Cutephp Cutenews 0.88/1.3/1.3.1

Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.

6.8
2004-08-06 CVE-2004-0639 Open Webmail
SGI
Squirrelmail
HTML Injection vulnerability in SquirrelMail From Email Header

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.

6.8
2004-08-06 CVE-2004-0591 Inter7 HTML Injection vulnerability in Inter7 Sqwebmail 4.0.4

Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HTML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

6.8
2004-08-06 CVE-2004-0588 Usermin Unspecified vulnerability in Usermin 1.070

Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.

6.8
2004-08-06 CVE-2004-0584 Horde HTML Injection vulnerability in Horde IMP Email Header

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.

6.8
2004-08-06 CVE-2004-0493 Avaya
Gentoo
Trustix
Apache
IBM
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
6.4
2004-08-06 CVE-2004-0684 IBM Denial-Of-Service vulnerability in IBM products

WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.

5.0
2004-08-06 CVE-2004-0683 Symantec Denial-Of-Service vulnerability in Norton AntiVirus 2003 Professional Edition

Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.

5.0
2004-08-06 CVE-2004-0679 Unreal Unspecified vulnerability in Unreal Unrealircd

The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other users' IP addresses.

5.0
2004-08-06 CVE-2004-0677 Fastream Denial-Of-Service vulnerability in Netfile Ftp Web Server

Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").

5.0
2004-08-06 CVE-2004-0674 Enterasys Denial Of Service vulnerability in Enterasys Xsr-1805, Xsr-1850 and Xsr-3000

Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.

5.0
2004-08-06 CVE-2004-0671 Symantec Unspecified vulnerability in Symantec Brightmail Antispam 6.0

Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.

5.0
2004-08-06 CVE-2004-0670 Zyxel Remote Denial Of Service vulnerability in ZyXEL Prestige Router Authentication Password Field

Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.

5.0
2004-08-06 CVE-2004-0668 IBM Remote Denial Of Service vulnerability in IBM Lotus Domino Server Web Access Malicious Email View

Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.

5.0
2004-08-06 CVE-2004-0665 Cgiscript NET Path Disclosure vulnerability in Cgiscript.Net Csfaq 1.0

csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.

5.0
2004-08-06 CVE-2004-0664 Powerportal Input Validation vulnerability in Powerportal 1.1B/1.3/1.3B

Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a ..

5.0
2004-08-06 CVE-2004-0662 Powerportal Input Validation vulnerability in Powerportal 1.1B/1.3/1.3B

PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.

5.0
2004-08-06 CVE-2004-0661 D Link Unspecified vulnerability in D-Link Di-604, Di-614+ and Di-624

Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.

5.0
2004-08-06 CVE-2004-0657 NTP
HP
Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

5.0
2004-08-06 CVE-2004-0656 Pureftpd Unspecified vulnerability in Pureftpd

The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.

5.0
2004-08-06 CVE-2004-0651 SUN Remote Denial Of Service vulnerability in Sun Java Runtime Environment

Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).

5.0
2004-08-06 CVE-2004-0589 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.

5.0
2004-08-06 CVE-2004-0583 Usermin
Webmin
Debian
Multiple Unspecified vulnerability in Webmin

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

5.0
2004-08-06 CVE-2004-0582 Webmin Multiple Unspecified vulnerability in Webmin 1.1.40

Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.

5.0
2004-08-06 CVE-2004-0580 Linksys Information Disclosure and Denial of Service vulnerability in Multiple Linksys Devices DHCP

DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.

5.0
2004-08-06 CVE-2004-0551 Cisco Denial-Of-Service vulnerability in Cisco Catalyst 4500

Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."

5.0
2004-08-06 CVE-2004-0547 Postgresql Unspecified vulnerability in Postgresql 7.2.1

Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash).

5.0
2004-08-06 CVE-2004-0537 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 7.23/7.50

Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.

5.0
2004-08-06 CVE-2004-0528 Netscape Unspecified vulnerability in Netscape Navigator 7.1

Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

5.0
2004-08-06 CVE-2004-0527 KDE Unspecified vulnerability in KDE Konqueror

KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

5.0
2004-08-06 CVE-2004-0526 Microsoft Unspecified vulnerability in Microsoft products

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

5.0
2004-08-06 CVE-2004-0525 HP Remote Denial of Service vulnerability in HP Integrated Lights Out

HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.

5.0
2004-08-06 CVE-2004-0417 CVS, Openpkg, SGI, Gentoo, Openbsd

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

5.0
2004-08-06 CVE-2004-0215 Avaya, Microsoft

Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

5.0
2004-08-06 CVE-2004-0202 Microsoft Remote Malformed Packet Denial Of Service vulnerability in Microsoft DirectX DirectPlay

IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5.0
2004-08-04 CVE-2004-1679 Jigunet Directory Traversal vulnerability in Jigunet Twinftp Enterprise and Twinftp Standard

Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.

5.0
2004-08-04 CVE-2004-1369 Oracle Multiple Unspecified vulnerability in Oracle

The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.

5.0
2004-08-02 CVE-2004-1708 Shawn Webb Denial Of Service vulnerability in Shawn Webb Webbsyte Chat 0.9

Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.

5.0
2004-08-06 CVE-2004-0647 Shorewall Unspecified vulnerability in Shorewall

shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.

4.6
2004-08-06 CVE-2004-0581 GNU, Mandrakesoft Symbolic Link vulnerability in KSymoops KSymoops-GZNM Insecure Temporary File Handling

ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.

4.6
2004-08-04 CVE-2004-1366 Oracle Credentials Management vulnerability in Oracle products

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

4.6
2004-08-04 CVE-2004-1365 Oracle Multiple Unspecified vulnerability in Oracle

Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.

4.6
2004-08-04 CVE-2004-1367 Oracle Information Exposure vulnerability in Oracle products

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

4.4
2004-08-06 CVE-2004-1712 Typepad Cross-Site Scripting vulnerability in TypePad

Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.

4.3
2004-08-06 CVE-2004-1711 Moodle Unspecified vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.

4.3
2004-08-06 CVE-2004-0678 12Planet Cross-Site Scripting vulnerability in 12Planet Chat Server 2.9

Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-06 CVE-2004-0654 SUN Denial Of Service vulnerability in Sun Solaris Basic Security Module Auditing

Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

2.1
2004-08-06 CVE-2004-0653 SUN Unspecified vulnerability in SUN Solaris 9.0

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files.

2.1
2004-08-06 CVE-2004-0596 Linux Local Denial Of Service vulnerability in Linux Kernel Equalizer Load Balancer Device Driver

The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.

2.1
2004-08-06 CVE-2004-0587 Mandrakesoft, Redhat, Suse Denial of Service vulnerability in Linux Kernel HbaApiNode Improper File Permissions

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

2.1
2004-08-06 CVE-2004-0554 Avaya, Gentoo, Linux, Redhat, Suse, Conectiva Local Denial Of Service vulnerability in Linux Kernel Floating Point Exception Handler

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.

2.1
2004-08-06 CVE-2004-0535 Mandrakesoft, Suse, Conectiva, Engardelinux, Gentoo, Linux

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory.

2.1
2004-08-06 CVE-2004-0137 SGI Denial Of Service vulnerability in SGI IRIX Undisclosed Init

Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues."

2.1
2004-08-06 CVE-2004-0136 SGI Local Denial Of Service vulnerability in SGI IRIX Undisclosed MapElf32Exec

The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."

2.1
2004-08-04 CVE-2004-1709 Datakey Local Security vulnerability in Rainbow Ikey2032 Usb Token

Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.

2.1