Weekly Vulnerabilities Reports > August 16 to 22, 2004

Overview

80 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 102 products from 63 vendors including Mozilla, SGI, Gentoo, Apple, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Path Traversal".

  • 66 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 80 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-18 CVE-2004-0769 Mozilla Unspecified vulnerability in Mozilla Bugzilla

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

10.0
2004-08-18 CVE-2004-0764 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

10.0
2004-08-18 CVE-2004-0757 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

10.0
2004-08-18 CVE-2004-0722 Mozilla
Netscape
Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

10.0
2004-08-18 CVE-2004-0631 Adobe Buffer Overflow vulnerability in Adobe Acrobat Reader For Unix UUDecode

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.

10.0
2004-08-18 CVE-2004-0630 Adobe Remote Arbitrary Code Execution vulnerability in Adobe Acrobat Reader Shell Metacharacter

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.

10.0
2004-08-18 CVE-2004-0523 MIT
SGI
SUN
Tinysofa
Principal Name Buffer Overrun vulnerability in MIT Kerberos 5 KRB5_AName_To_Localname

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

10.0
2004-08-18 CVE-2004-0521 SGI
Squirrelmail
SQL Injection vulnerability in SquirrelMail

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

10.0
2004-08-18 CVE-2004-0513 Apple Security vulnerability in Apple Mac OS X

Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."

10.0
2004-08-18 CVE-2004-0507 Ethereal Group
SGI
Protocol Dissector vulnerability in Ethereal

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

10.0
2004-08-18 CVE-2004-0487 Symantec Remote Code Execution vulnerability in Symantec Norton Antivirus 2.1

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.

10.0
2004-08-18 CVE-2004-0433 Mplayer
Xine
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
10.0
2004-08-18 CVE-2004-0425 Netegrity Heap Overflow vulnerability in Netegrity Sideminder Affiliate Agent 4.0

Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.

10.0
2004-08-18 CVE-2004-0234 Clearswift
F Secure
Rarlab
Redhat
SGI
Stalker
Tsugio Okamoto
Winzip
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

10.0
2004-08-18 CVE-2004-0226 Midnight Commander
SGI
Gentoo
Slackware
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
10.0
2004-08-18 CVE-2003-1043 Mozilla Multiple vulnerability in Bugzilla

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

10.0
2004-08-18 CVE-2003-1042 Mozilla Multiple vulnerability in Bugzilla

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

10.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-20 CVE-2004-1732 Mydms SQL Injection Vulnerability And Directory Traversal vulnerability in Mydms 1.4/1.4.1

SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.

7.5
2004-08-20 CVE-2004-1728 British National Corpus Remote Buffer Overflow vulnerability in British National Corpus SARA

Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.

7.5
2004-08-20 CVE-2004-1726 John Bradley Buffer Overflow and Integer Handling vulnerability in John Bradley XV 3.10A

Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.

7.5
2004-08-18 CVE-2004-1724 PHP Fusion Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.0

The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.

7.5
2004-08-18 CVE-2004-0779 Firebirdsql
Mozilla
Remote Security vulnerability in Firebird

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

7.5
2004-08-18 CVE-2004-0765 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

7.5
2004-08-18 CVE-2004-0518 Apple Remote Security vulnerability in Apple Mac OS X Server

Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.

7.5
2004-08-18 CVE-2004-0432 Proftpd Project
Gentoo
Trustix
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
7.5
2004-08-18 CVE-2004-0419 X ORG
Xfree86 Project
Gentoo
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.
7.5
2004-08-18 CVE-2003-1046 Mozilla Multiple vulnerability in Bugzilla

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

7.5
2004-08-18 CVE-2003-1044 Mozilla Multiple vulnerability in Bugzilla

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

7.5
2004-08-17 CVE-2004-1722 Merak Multiple vulnerability in Merak Mail Server 7.5.2

SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.

7.5
2004-08-16 CVE-2004-1737 THE Cacti Group
Gentoo
SQL Injection vulnerability in RaXnet Cacti Auth_Login.PHP

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5
2004-08-16 CVE-2004-1717 GV Remote Buffer Overflow vulnerability in GV Postscript and PDF Viewer

Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.

7.5
2004-08-18 CVE-2004-0514 Apple Security vulnerability in Apple Mac OS X

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."

7.2
2004-08-18 CVE-2004-0490 Cpanel Local Privilege Escalation vulnerability in cPanel

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.

7.2
2004-08-18 CVE-2004-0228 Linux Unspecified vulnerability in Linux Kernel 2.6.0

Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.

7.2
2004-08-18 CVE-2004-0134 SGI Privilege Escalation vulnerability in IRIX Checkpoint and Restart libcpr Library Loading

cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process.

7.2

39 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-18 CVE-2004-0520 Open Webmail
SGI
Squirrelmail
HTML Injection vulnerability in SquirrelMail Email Header

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

6.8
2004-08-18 CVE-2004-0519 SGI
Squirrelmail
Cross-Site Scripting vulnerability in SquirrelMail Folder Name

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

6.8
2004-08-16 CVE-2004-1716 Powie HTML Injection vulnerability in PScript PForum User Profile

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.

6.8
2004-08-18 CVE-2004-0760 Mozilla Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -

Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.

6.4
2004-08-18 CVE-2004-0759 Mozilla Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.

6.4
2004-08-18 CVE-2004-0235 Clearswift
F Secure
Rarlab
Redhat
SGI
Stalker
Tsugio Okamoto
Winzip
Buffer Overflow/Directory Traversal vulnerability in Multiple LHA

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) ..

6.4
2004-08-20 CVE-2004-1733 Mydms SQL Injection Vulnerability And Directory Traversal vulnerability in Mydms 1.4/1.4.1/1.4.2

Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via ..

5.0
2004-08-20 CVE-2004-1731 Mantis Unspecified vulnerability in Mantis

signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.

5.0
2004-08-20 CVE-2004-1727 Working Resources INC Denial Of Service vulnerability in Working Resources Inc. Badblue 2.50

BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.

5.0
2004-08-18 CVE-2004-0839 Microsoft
Avaya
Nortel
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
5.0
2004-08-18 CVE-2004-0767 Ngsec Unspecified vulnerability in Ngsec Stackdefender 1.10

NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.

5.0
2004-08-18 CVE-2004-0766 Ngsec Unspecified vulnerability in Ngsec Stackdefender 2.0

NGSEC StackDefender 2.0 allows attackers to cause a denial of service (system crash) via an invalid address for the BaseAddress parameter to the hooks for the (1) ZwAllocateVirtualMemory or (2) ZwProtectVirtualMemory functions.

5.0
2004-08-18 CVE-2004-0763 Mozilla Unspecified vulnerability in Mozilla Firefox 0.9.1/0.9.2

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.

5.0
2004-08-18 CVE-2004-0762 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

5.0
2004-08-18 CVE-2004-0761 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

5.0
2004-08-18 CVE-2004-0758 Mozilla Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -

Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.

5.0
2004-08-18 CVE-2004-0506 Ethereal Group
SGI
Protocol Dissector vulnerability in Ethereal

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

5.0
2004-08-18 CVE-2004-0505 Ethereal Group
SGI
Protocol Dissector vulnerability in Ethereal

The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

5.0
2004-08-18 CVE-2004-0504 Ethereal Group
SGI
Protocol Dissector vulnerability in Ethereal

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

5.0
2004-08-18 CVE-2004-0503 Microsoft Unspecified vulnerability in Microsoft Outlook 2003

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.

5.0
2004-08-18 CVE-2004-0502 Microsoft Unspecified vulnerability in Microsoft Outlook 2003

Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.

5.0
2004-08-18 CVE-2004-0501 Microsoft Unspecified vulnerability in Microsoft Outlook 2003

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.

5.0
2004-08-18 CVE-2004-0476 3Com Remote 812 ADSL Router Telnet Buffer Overflow vulnerability in 3Com 3Cp4144 1.1.9.4

Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.

5.0
2004-08-18 CVE-2004-0421 Greg Roelofs
Openpkg
Redhat
Trustix
Denial Of Service vulnerability in LibPNG Broken PNG Out Of Bounds Access

The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.

5.0
2004-08-18 CVE-2004-0412 GNU Password Retrieval vulnerability in GNU Mailman

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

5.0
2004-08-18 CVE-2004-0375 Symantec Remote Denial Of Service vulnerability in Symantec Client Firewall Products SYMNDIS.SYS Driver

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

5.0
2004-08-18 CVE-2004-0232 Midnight Commander
SGI
Gentoo
Slackware
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
5.0
2004-08-18 CVE-2004-0230 Oracle
Openpgp
Mcafee
Netbsd
Xinuos
Juniper
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
5.0
2004-08-18 CVE-2003-1045 Mozilla Multiple vulnerability in Bugzilla

votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.

5.0
2004-08-17 CVE-2004-1721 Merak Multiple vulnerability in Merak Mail Server 5.2.7

The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.

5.0
2004-08-17 CVE-2004-1720 Merak Multiple vulnerability in Merak Mail Server 7.4.5

The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path.

5.0
2004-08-18 CVE-2004-0517 Apple Security vulnerability in Apple Mac OS X

Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.

4.6
2004-08-18 CVE-2004-0516 Apple Security vulnerability in Apple Mac OS X

Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.

4.6
2004-08-18 CVE-2004-0515 Apple Security vulnerability in Apple Mac OS X

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."

4.6
2004-08-18 CVE-2004-0229 Gentoo
Linux
Unspecified vulnerability in Linux kernel Framebuffer Code

The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.

4.6
2004-08-21 CVE-2004-1735 Sympa HTML Injection vulnerability in Sympa New List

Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.

4.3
2004-08-20 CVE-2004-1729 Nihuo Software HTML Injection vulnerability in Nihuo Software web LOG Analyzer 1.6

Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3
2004-08-18 CVE-2004-0175 Openbsd Path Traversal vulnerability in Openbsd Openssh

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files.

4.3
2004-08-17 CVE-2004-1719 Merak Multiple vulnerability in Merak Mail Server 7.4.5

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-08-18 CVE-2004-0435 Freebsd Buffer Cache Implementation vulnerability in FreeBSD Msync(2) System Call

Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.

3.6
2004-08-18 CVE-2004-0394 Linux Buffer Overflow vulnerability in Linux Kernel 2.6.20.1

A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.

2.1
2004-08-18 CVE-2004-0233 SGI
Utempter
Slackware
Local vulnerability in UTempter

Utempter allows device names that contain ..

2.1
2004-08-18 CVE-2004-0231 Midnight Commander
SGI
Gentoo
Slackware
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
2.1
2004-08-18 CVE-2003-0193 Catdoc Local Insecure Temporary File Creation vulnerability in CatDoc XLSView

msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").

2.1
2004-08-17 CVE-2004-1718 Pedestal Software Local Denial Of Service vulnerability in Pedestal Software Integrity Protection Driver 1.2/1.3/1.4

The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.

2.1