Weekly Vulnerabilities Reports > August 23 to 29, 2004
Overview
17 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 19 products from 16 vendors including EFS Software, Music Daemon, Avaya, Openbsd, and Xoops. Vulnerabilities are notably categorized as .
- 14 reported vulnerabilities are remotely exploitables.
- 17 reported vulnerabilities are exploitable by an anonymous user.
- EFS Software has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-08-24 | CVE-2004-1752 | Nakedsoft | Buffer Overflow vulnerability in NakedSoft Gaucho POP3 Email Header Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. | 7.5 |
2004-08-26 | CVE-2004-1681 | QNX | Utility Server Flag Buffer Overflow vulnerability in QNX Photon Microgui and RTP Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter. | 7.2 |
15 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-08-29 | CVE-2004-1642 | Texas Imperial Software | Remote Denial Of Service vulnerability in WFTPD Server MLST Argument WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | 5.0 |
2004-08-29 | CVE-2004-1641 | South River Technologies | Remote Heap Overflow vulnerability in Titan FTP Server CWD Command Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | 5.0 |
2004-08-26 | CVE-2004-1751 | Massive Entertainment | Remote Denial of Service vulnerability in Massive Entertainment Ground Control II Operation Exodus 1.0.0.7 Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error. | 5.0 |
2004-08-25 | CVE-2004-1662 | Yabb | YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | 5.0 |
2004-08-25 | CVE-2004-0819 | Openbsd | Denial-Of-Service vulnerability in OpenBSD The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet. | 5.0 |
2004-08-24 | CVE-2004-1745 | People CAN FLY | Remote Buffer Overflow vulnerability in People CAN FLY Painkiller 1.3.1 Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | 5.0 |
2004-08-24 | CVE-2004-1744 | EFS Software | Remote Denial Of Service vulnerability in Easy File Sharing Web Server 1.2/1.25 Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests. | 5.0 |
2004-08-24 | CVE-2004-1743 | EFS Software | Unspecified vulnerability in EFS Software EFS web Server 1.2/1.25 Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | 5.0 |
2004-08-24 | CVE-2004-1742 | WEB APP ORG | Directory Traversal vulnerability in Web-App.Org Webapp 0.9.9 Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. | 5.0 |
2004-08-23 | CVE-2004-1741 | Music Daemon | Unspecified vulnerability in Music Daemon Music Daemon 0.1/0.2/0.3 Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. | 5.0 |
2004-08-23 | CVE-2004-1740 | Music Daemon | Unspecified vulnerability in Music Daemon Music Daemon 0.1/0.2/0.3 Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. | 5.0 |
2004-08-23 | CVE-2004-1739 | Bird Chat | Remote Denial Of Service vulnerability in Bird Chat Internet Chat Server 1.61 Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users. | 5.0 |
2004-08-28 | CVE-2004-0820 | Nullsoft | Local Security vulnerability in Winamp Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. | 4.6 |
2004-08-24 | CVE-2004-0800 | Avaya SUN | Local Command Line Format String vulnerability in Sun DtMail Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value. | 4.6 |
2004-08-28 | CVE-2004-1640 | Xoops | Cross-Site vulnerability in Nagl XOOPS Dictionary Module Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|