Weekly Vulnerabilities Reports > September 20 to 26, 2004
Overview
7 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 8 products from 6 vendors including Emulive, Symantec, CA, Jabberstudio, and Pinnacle Systems. Vulnerabilities are notably categorized as .
- 7 reported vulnerabilities are remotely exploitables.
- 7 reported vulnerabilities are exploitable by an anonymous user.
- Emulive has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Emulive has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-09-20 | CVE-2004-1695 | Emulive | Authentication Bypass And Denial Of Service vulnerability in Emulive Server4 Commercebuild7560 EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash). | 10.0 |
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-09-21 | CVE-2004-1697 | CA | The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. | 7.5 |
| 2004-09-21 | CVE-2004-1694 | Symantec | Remote Database Default Password vulnerability in Symantec ON Command CCM and ON Icommand Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | 7.5 |
4 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-09-24 | CVE-2004-1698 | Leadmind | Remote Denial Of Service vulnerability in Leadmind Popmessenger 1.60 The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash. | 5.0 |
| 2004-09-21 | CVE-2004-1699 | Pinnacle Systems | Denial Of Service vulnerability in Pinnacle Systems Showcenter 1.51 SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter. | 5.0 |
| 2004-09-21 | CVE-2004-1696 | Emulive | Authentication Bypass And Denial Of Service vulnerability in Emulive Server4 Commercebuild7560 EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66. | 5.0 |
| 2004-09-21 | CVE-2004-1378 | Jabberstudio | Remote Denial Of Service vulnerability in Jabber Studio JabberD The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections. | 5.0 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|