Weekly Vulnerabilities Reports > October 4 to 10, 2004
Overview
6 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 17 products from 11 vendors including Realnetworks, Apple, Cyrus, Redhat, and Suse. Vulnerabilities are notably categorized as .
- 5 reported vulnerabilities are remotely exploitables.
- 6 reported vulnerabilities are exploitable by an anonymous user.
- Realnetworks has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-10-07 | CVE-2005-0373 | Cyrus Openpkg Suse Conectiva Apple Redhat | Remote And Local vulnerability in Cyrus SASL Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | 7.5 |
| 2004-10-06 | CVE-2005-0189 | Realnetworks | Buffer Overflow vulnerability in RealNetworks RealOne Player And RealPlayer ShowPreferences Action Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument. | 7.5 |
| 2004-10-06 | CVE-2005-0188 | Athoc | Remote Code Execution vulnerability in AtHoc ToolBar Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log. | 7.5 |
1 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-10-05 | CVE-2004-0928 | Hitachi Macromedia | Remote vulnerability in Macromedia JRun The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | 5.0 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-10-06 | CVE-2005-0192 | Realnetworks | Directory Traversal vulnerability in RealPlayer Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. | 2.6 |
| 2004-10-04 | CVE-2004-1349 | SUN | Unspecified vulnerability in SUN Solaris and Sunos gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | 2.1 |