Weekly Vulnerabilities Reports > November 22 to 28, 2004
Overview
4 new vulnerabilities were reported during this period, including 1 critical vulnerability and 2 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 71 products from 28 vendors including Apple, Dell, Redhat, Cisco, and HP. Vulnerabilities are notably categorized as "Off-by-one Error", "NULL Pointer Dereference", and "Inclusion of Functionality from Untrusted Control Sphere".
- 2 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 1 reported vulnerability.
- Allmyguests Project has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0285 | Allmyguests Project, Allmylinks Project, Allmyvisitors Project | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products. PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | 9.8 |
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0346 | Proftpd | Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9. Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | 7.8 |
2004-11-23 | CVE-2004-0079 | Cisco, Symantec, HP, Avaya, Redhat, Freebsd, Openbsd, Apple, SCO, 4D, Checkpoint, Dell, Lite, Neoteris, Novell, Openssl, SGI, Stonesoft, Tarantella, Vmware, Bluecoat, Securecomputing, SUN | NULL Pointer Dereference vulnerability in multiple products. The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
1 Medium Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0342 | Wftpd PRO Server Project | Off-by-one Error vulnerability in Wftpd PRO Server Project Wftpd PRO Server 3.21. WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|