Weekly Vulnerabilities Reports > August 30 to September 5, 2004

Overview

22 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 25 products from 19 vendors, including Jerod Moemeka, Oracle, IBM, Cutephp, and Phpwebsite. Vulnerabilities are notably categorized as and "Code Injection".

  • 18 reported vulnerabilities are remotely exploitable.
  • 21 reported vulnerabilities are exploitable by an anonymous user.
  • Jerod Moemeka has the most reported vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-02 CVE-2004-1661 Sitecubed Authentication Bypass vulnerability in SiteCubed MailWorks Professional

MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."

7.5
2004-09-01 CVE-2004-1654 Phpwebsite Input Validation vulnerability in PHPWebSite

SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.

7.5
2004-08-31 CVE-2004-1652 Brickhost Remote Security vulnerability in Brickhost PHPscheduleit 1.0

phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.

7.5
2004-08-31 CVE-2004-1650 D Link Remote Configuration vulnerability in D-Link Dcs-900 Internet Camera 2.10/2.20/2.28

D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.

7.5
2004-08-30 CVE-2004-1660 Cutephp Remote Security vulnerability in CuteNews

PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.

7.5
2004-09-01 CVE-2004-1372 IBM Buffer Overflow vulnerability in IBM DB2 Universal Database REC2XML and GENERATE_DISTFILE

Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.

7.2
2004-08-31 CVE-2004-1774 Oracle Buffer Overflow vulnerability in Oracle Application Server and Oracle10G

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

7.2
2004-08-31 CVE-2004-1649 Microsoft Local Security vulnerability in Windows 2000 Server

Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter.

7.2

14 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-09-02 CVE-2004-0637 Oracle Code Injection vulnerability in Oracle Oracle8I and Oracle9I

Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

6.5
2004-08-31 CVE-2004-1653 Openbsd Remote Security vulnerability in OpenSSH

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

6.4
2004-09-05 CVE-2004-1664 Activision Remote Denial of Service vulnerability in Call of Duty

Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism.

5.0
2004-09-04 CVE-2004-1663 Brocade, Engenio, Broadcom, Storagetek, IBM

Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.

5.0
2004-09-01 CVE-2004-1656 Comersus Open Technologies Unspecified vulnerability in Comersus Open Technologies Comersus Cart 5.0.991

CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.

5.0
2004-08-30 CVE-2004-1646 Jerod Moemeka Multiple vulnerability in Jerod Moemeka Xedus 1.0

Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2004-08-30 CVE-2004-1644 Jerod Moemeka Multiple vulnerability in Jerod Moemeka Xedus 1.0

Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.

5.0
2004-09-02 CVE-2004-1658 Kerio Unspecified vulnerability in Kerio Personal Firewall

Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.

4.6
2004-09-05 CVE-2004-1665 Psnews Cross-Site Scripting vulnerability in Psnews 1.1

Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.

4.3
2004-09-02 CVE-2004-1659 Cutephp Cross-Site Scripting vulnerability in CuteNews 'index.php'

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

4.3
2004-09-01 CVE-2004-1657 Newtelligence HTML Injection vulnerability in Newtelligence DasBlog Request Log

Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.

4.3
2004-09-01 CVE-2004-1655 Phpwebsite Input Validation vulnerability in PHPWebSite

Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.

4.3
2004-08-31 CVE-2004-1651 Brickhost HTML Injection vulnerability in Brickhost PHPscheduleit 1.0Rc1

Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.

4.3
2004-08-30 CVE-2004-1645 Jerod Moemeka Multiple vulnerability in Jerod Moemeka Xedus 1.0

Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS