Weekly Vulnerabilities Reports > November 22 to 28, 2004

Overview

135 new vulnerabilities were reported during this period, including 41 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 195 products from 116 vendors, including Cisco, Apple, Redhat, Dell, and SUN. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Path Traversal", and "Code Injection".

  • 117 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 134 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • GNU has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

41 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-11-24 CVE-2004-0308 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.

10.0
2004-11-23 CVE-2004-0771 Tsugio Okamoto extract_one Buffer Overflow vulnerability in Tsugio Okamoto LHA 1.14/1.15/1.17

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769.

10.0
2004-11-23 CVE-2004-0636 AOL Unspecified vulnerability in AOL Instant Messenger 5.5/5.5.3415Beta/5.5.3595

Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.

10.0
2004-11-23 CVE-2004-0597 Greg Roelofs, Microsoft Remote vulnerability in LibPNG Graphics Library

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

10.0
2004-11-23 CVE-2004-0357 Seattle LAB Software Buffer Overflow vulnerability in Seattle LAB Software Slmail PRO 2.0.9

Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll.

10.0
2004-11-23 CVE-2004-0356 Seattle LAB Software Remote Buffer Overflow vulnerability in Seattle Lab Software SLMail Pro

Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.

10.0
2004-11-23 CVE-2004-0354 GNU Remote Buffer Overflow and Format String vulnerability in GNU Anubis

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

10.0
2004-11-23 CVE-2004-0353 GNU Remote Buffer Overflow and Format String vulnerability in GNU Anubis

Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.

10.0
2004-11-23 CVE-2004-0348 Spidersales Multiple vulnerability in Spidersales 2.0

SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.

10.0
2004-11-23 CVE-2004-0345 Volition Remote Buffer Overflow vulnerability in Volition RED Faction 1.0/1.1/1.20

Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name.

10.0
2004-11-23 CVE-2004-0343 Yabb Input Validation vulnerability in Yabb 1.5.4/1.5.5/1.5.5B

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.

10.0
2004-11-23 CVE-2004-0338 Invision Power Services SQL Injection vulnerability in Invision Power Board Search.PHP st

SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.

10.0
2004-11-23 CVE-2004-0333 Openpkg, Uudeview, Winzip, Gentoo Buffer Overrun vulnerability in UUDeview MIME Archive

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

10.0
2004-11-23 CVE-2004-0332 Extremail Authentication Bypass vulnerability in eXtremail

Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.

10.0
2004-11-23 CVE-2004-0330 Solarwinds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

10.0
2004-11-23 CVE-2004-0326 Proxy PRO Buffer Overrun vulnerability in Proxy-Pro Professional Gatekeeper 4.7

Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.

10.0
2004-11-23 CVE-2004-0318 Platform Privilege Escalation vulnerability in Platform Load Sharing Facility EAuth

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.

10.0
2004-11-23 CVE-2004-0317 Platform Buffer Overflow vulnerability in Platform Load Sharing Facility EAuth Component

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter.

10.0
2004-11-23 CVE-2004-0315 Avirt Remote Buffer Overrun vulnerability in Avirt Voice 4.0

Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080.

10.0
2004-11-23 CVE-2004-0313 Psoproxy Remote Buffer Overflow vulnerability in Psoproxy Server 0.91

Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.

10.0
2004-11-23 CVE-2004-0311 APC Unspecified vulnerability in APC Ap9606 3.0/3.0.1

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.

10.0
2004-11-23 CVE-2004-0309 Zonelabs Remote Buffer Overflow vulnerability in Zone Labs ZoneAlarm SMTP

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

10.0
2004-11-23 CVE-2004-0304 Webcortex SQL Injection vulnerability in Webcortex Webstores 2000 6.0

SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.

10.0
2004-11-23 CVE-2004-0300 Ecommerce Corporation Online Multiple vulnerability in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.

10.0
2004-11-23 CVE-2004-0297 Ipswitch Remote LDAP Daemon Buffer Overflow vulnerability in Ipswitch Imail 8.0.3/8.0.5

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

10.0
2004-11-23 CVE-2004-0292 Karjasoft Buffer Overflow vulnerability in Karjasoft Sami Http Server 1.0.4

Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

10.0
2004-11-23 CVE-2004-0290 Freeform Interactive Remote Buffer Overflow vulnerability in Freeform Interactive Purge and Purge Jihad

Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.

10.0
2004-11-23 CVE-2004-0288 Mnogosearch Buffer Overflow vulnerability in mnoGoSearch UdmDocToTextBuf

Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.

10.0
2004-11-23 CVE-2004-0286 Robotftp Buffer Overflow vulnerability in RobotFTP Server Username

Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.

10.0
2004-11-23 CVE-2004-0277 Bolintech Unspecified vulnerability in Bolintech Dream FTP Server 1.02

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.

10.0
2004-11-23 CVE-2004-0262 THE Palace Remote Buffer Overflow vulnerability in the Palace the Palace Client 3.5

Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.

10.0
2004-11-23 CVE-2004-0261 Openjournal Authentication Bypassing vulnerability in OpenJournal

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.

10.0
2004-11-23 CVE-2004-0253 IBM Remote Command Execution vulnerability in IBM Cloudscape 5.1

IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.

10.0
2004-11-23 CVE-2004-0250 Photopost SQL Injection vulnerability in All Enthusiast Photopost PHP Pro

SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.

10.0
2004-11-23 CVE-2004-0249 Phpx Multiple vulnerability in PHPx 3.2.3

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.

10.0
2004-11-23 CVE-2004-0246 Laurent Adda Module File Include vulnerability in Laurent Adda LES Commentaires 2.0

Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.

10.0
2004-11-23 CVE-2004-0241 Qualiteam Remote Command Execution vulnerability in Qualiteam X-Cart

X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.

10.0
2004-11-23 CVE-2004-0239 Photopost SQL Injection vulnerability in All Enthusiast Photopost PHP Pro

SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.

10.0
2004-11-23 CVE-2004-0236 Steelid SQL Injection vulnerability in SteelID thePhotoTool Login.ASP

SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.

10.0
2004-11-23 CVE-2004-0273 Realnetworks Path Traversal vulnerability in Realnetworks products

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains ..

9.3
2004-11-23 CVE-2004-0259 JOE Lumbroso Acks Remote File Upload vulnerability in JOE Lumbroso Acks Formmail.PHP 2.0/5.0

The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-11-23 CVE-2004-0258 Realnetworks Buffer Overrun vulnerability in Multiple RealPlayer/RealOne Player Supported File Type

Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.

7.6
2004-11-23 CVE-2004-0494 Avaya, Redhat

Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.

7.5
2004-11-23 CVE-2004-0285 Voice OF WEB Code Injection vulnerability in Voice of web Allmyguests, Allmylinks and Allmyvisitors

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

7.5
2004-11-23 CVE-2004-0274 Eggheads Unspecified vulnerability in Eggheads Eggdrop IRC BOT

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.

7.5
2004-11-23 CVE-2004-0272 Maxwebportal Input Validation vulnerability in Maxwebportal 1.30/1.31

SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.

7.5
2004-11-23 CVE-2004-0360 SUN Passwd Local Root Compromise vulnerability in Sun Solaris

Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.

7.2
2004-11-23 CVE-2004-0346 Proftpd Project Buffer Overrun vulnerability in ProFTPD _xlate_ascii_write()

Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.

7.2
2004-11-23 CVE-2004-0340 Texas Imperial Software Unspecified vulnerability in Texas Imperial Software Wftpd

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.

7.2
2004-11-23 CVE-2004-0328 Gigabyte Authentication Bypass vulnerability in Gigabyte Gn-B46B 1.003.00

Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.

7.2
2004-11-23 CVE-2004-0279 AIM Sniff Unspecified vulnerability in AIM Sniff AIM Sniff

AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.

7.2
2004-11-23 CVE-2004-0238 0Verkill Local Buffer Overflow vulnerability in 0Verkill 0.16

Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.

7.2

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-11-23 CVE-2004-0359 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board

Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.

6.8
2004-11-23 CVE-2004-0358 Virtuasystems Module Cross-Site Scripting vulnerability in VirtuaSystems VirtuaNews

Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.

6.8
2004-11-23 CVE-2004-0339 Phpbb Group Cross-Site Scripting vulnerability in PHPBB

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

6.8
2004-11-23 CVE-2004-0337 Software602 Cross-Site Scripting vulnerability in Software602 602Pro LAN Suite Web Mail

Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script.

6.8
2004-11-23 CVE-2004-0319 Ezboard HTML Injection vulnerability in Ezboard 7.3U

Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.

6.8
2004-11-23 CVE-2004-0310 Livejournal HTML Injection vulnerability in LiveJournal

Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url.

6.8
2004-11-23 CVE-2004-0305 Webcortex Cross-Site Scripting vulnerability in Webcortex Webstores 2000 6.0

Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.

6.8
2004-11-23 CVE-2004-0301 Ecommerce Corporation Online Multiple vulnerability in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard

Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.

6.8
2004-11-23 CVE-2004-0271 Maxwebportal Input Validation vulnerability in Maxwebportal 1.30/1.31

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

6.8
2004-11-23 CVE-2004-0265 Francisco Burzi Cross-Site Scripting vulnerability in PHP-Nuke 'News' Module

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

6.8
2004-11-23 CVE-2004-0254 Crosscom Olicom Cross-Site Scripting vulnerability in Crosscom Olicom Discuz 2.0/3.0

Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.

6.8
2004-11-23 CVE-2004-0251 Rxgoogle CGI Cross-Site Scripting vulnerability in Rxgoogle.Cgi 1.0

Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter.

6.8
2004-11-23 CVE-2004-0248 Phpx Multiple vulnerability in PHPx 3.2.3

Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum.

6.8
2004-11-23 CVE-2004-0344 Yabb Input Validation vulnerability in Yabb 1.5.5/1.5.5B

Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a ..

6.4
2004-11-23 CVE-2004-0312 Linksys Unspecified vulnerability in Linksys Wap55Ag 1.0.7

Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.

6.4
2004-11-23 CVE-2004-0269 Francisco Burzi SQL Injection vulnerability in PHPNuke Category Parameter

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

6.4
2004-11-23 CVE-2004-0347 Netscreen Cross-Site Scripting vulnerability in NetScreen SA 5000 Series delhomepage.cgi

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.

6.0
2004-11-23 CVE-2004-0744 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

5.0
2004-11-23 CVE-2004-0743 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.

5.0
2004-11-23 CVE-2004-0599 Greg Roelofs Remote vulnerability in LibPNG Graphics Library

Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.

5.0
2004-11-23 CVE-2004-0598 Greg Roelofs Remote vulnerability in LibPNG Graphics Library

The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

5.0
2004-11-23 CVE-2004-0361 Apple Denial Of Service vulnerability in Apple Safari Large JavaScript Array Handling

The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.

5.0
2004-11-23 CVE-2004-0355 Invision Power Services Path Disclosure vulnerability in Invision Power Services Invision Board 1.3

Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.

5.0
2004-11-23 CVE-2004-0352 Cisco Denial Of Service vulnerability in Cisco Content Service Switch Management Port UDP

Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.

5.0
2004-11-23 CVE-2004-0349 Gweb Directory Traversal vulnerability in Gweb Http Server 0.5/0.6

Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a ..

5.0
2004-11-23 CVE-2004-0336 Software602 Path Disclosure vulnerability in Software602 602Pro LAN Suite Web Mail Installation

LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.

5.0
2004-11-23 CVE-2004-0335 Software602 Remote Security vulnerability in 602Pro Lan Suite

LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.

5.0
2004-11-23 CVE-2004-0334 Innomedia Security Bypass vulnerability in Innomedia Videophone Au75200Xvi04010X

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash).

5.0
2004-11-23 CVE-2004-0331 Dell Heap Overflow vulnerability in Dell OpenManage Web Server POST Request

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.

5.0
2004-11-23 CVE-2004-0329 Freechat Remote Denial Of Service vulnerability in Freechat 0.1.1A/1.1.1A

FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".

5.0
2004-11-23 CVE-2004-0327 Skintech Unspecified vulnerability in Skintech PHPnewsmanager 1.36

Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via ..

5.0
2004-11-23 CVE-2004-0321 Singularity Software Unspecified vulnerability in Singularity Software Team Factor 1.25/1.25M

Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory.

5.0
2004-11-23 CVE-2004-0316 Avirt Buffer Overrun vulnerability in Avirt Soho 4.3

Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080.

5.0
2004-11-23 CVE-2004-0307 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.

5.0
2004-11-23 CVE-2004-0306 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.

5.0
2004-11-23 CVE-2004-0303 Fools Workshop Remote File Disclosure vulnerability in Owl's Workshop

OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.

5.0
2004-11-23 CVE-2004-0302 Fools Workshop Remote File Disclosure vulnerability in Fools Workshop Owls Workshop 1.0

Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2004-11-23 CVE-2004-0298 Aclogic Remote Resource Exhaustion vulnerability in Aclogic Cesarftp 0.99E

CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter.

5.0
2004-11-23 CVE-2004-0296 Transsoft Denial of Service vulnerability in Transsoft Broker FTP Server 6.1.0.0

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection.

5.0
2004-11-23 CVE-2004-0295 Transsoft Denial of Service vulnerability in Transsoft Broker FTP Server 6.1.0.0

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.

5.0
2004-11-23 CVE-2004-0294 Yabb Unspecified vulnerability in Yabb 1Goldsp1.3.1

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

5.0
2004-11-23 CVE-2004-0293 Shopcartcgi Remote File Disclosure vulnerability in Shopcartcgi 2.3

Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a ..

5.0
2004-11-23 CVE-2004-0291 Yabb SQL Injection vulnerability in YABB SE Quote Parameter

SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.

5.0
2004-11-23 CVE-2004-0287 Xlight FTP Server Remote Send File Request Denial Of Service vulnerability in Xlight FTP Server Xlight FTP Server 1.52

Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.

5.0
2004-11-23 CVE-2004-0284 Microsoft Unspecified vulnerability in Microsoft IE, Internet Explorer and Outlook

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

5.0
2004-11-23 CVE-2004-0282 Crob Remote Denial Of Service vulnerability in Crob FTP Server 3.5.2

Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server.

5.0
2004-11-23 CVE-2004-0281 Caucho Unspecified vulnerability in Caucho Resin 2.1.12

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.

5.0
2004-11-23 CVE-2004-0280 Caucho Technology Unspecified vulnerability in Caucho Technology Resin 2.1.12

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g.

5.0
2004-11-23 CVE-2004-0278 Ratbag Denial of Service vulnerability in Ratbag Game Engine

Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

5.0
2004-11-23 CVE-2004-0276 Monkey Project Improper Input Validation vulnerability in Monkey-Project Monkey

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

5.0
2004-11-23 CVE-2004-0275 Bosdev SQL Injection vulnerability in Bosdev Bosdates 3.0/3.1/3.2

SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.

5.0
2004-11-23 CVE-2004-0270 Clam Anti Virus Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.65

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

5.0
2004-11-23 CVE-2004-0268 Evolutionx Remote Buffer Overflow vulnerability in EvolutionX

Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.

5.0
2004-11-23 CVE-2004-0266 Francisco Burzi SQL Injection vulnerability in PHP-Nuke Public Message

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

5.0
2004-11-23 CVE-2004-0264 JIM Rees, Shaun2K2 Remote Denial of Service vulnerability in Shaun2k2 Palmhttpd Server

palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue.

5.0
2004-11-23 CVE-2004-0263 Apache, IBM

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

5.0
2004-11-23 CVE-2004-0260 Cactusoft Remote Arbitrary File Deletion Backdoor vulnerability in Cactusoft Cactushop Lite 5.0

The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||.

5.0
2004-11-23 CVE-2004-0257 Netbsd, Openbsd Remote Denial Of Service vulnerability in BSD ICMPV6 Handling Routines

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

5.0
2004-11-23 CVE-2004-0255 Xlight FTP Server Remote Denial Of Service vulnerability in XLight FTP Server Long Directory Request

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of .

5.0
2004-11-23 CVE-2004-0252 Typsoft Remote Denial Of Service vulnerability in Typsoft FTP Server 1.1

TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name.

5.0
2004-11-23 CVE-2004-0247 Cauldron Remote Denial Of Service vulnerability in Cauldron Chaser Client and Chaser Server

The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory.

5.0
2004-11-23 CVE-2004-0245 WEB Crossing INC Remote Denial Of Service vulnerability in Web Crossing Web Server Component

Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.

5.0
2004-11-23 CVE-2004-0243 IBM Remote Security vulnerability in IBM AIX

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

5.0
2004-11-23 CVE-2004-0242 Qualiteam Remote Information Disclosure vulnerability in Qualiteam X-Cart

X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.

5.0
2004-11-23 CVE-2004-0240 Qualiteam Directory Traversal vulnerability in X-Cart

Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a ..

5.0
2004-11-23 CVE-2004-0237 Aprox Portal Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
5.0
2004-11-23 CVE-2004-0112 Cisco, HP, Symantec, Avaya, Freebsd, Redhat, Apple, Openbsd, SCO, 4D, Checkpoint, Lite, Novell, Openssl, SGI, Stonesoft, Tarantella, Vmware, Neoteris, Bluecoat, Securecomputing, SUN, Dell

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

5.0
2004-11-23 CVE-2004-0081 Cisco, Symantec, HP, Avaya, Freebsd, Openbsd, Redhat, SCO, Apple, 4D, Checkpoint, Lite, Neoteris, Novell, Openssl, SGI, Stonesoft, Vmware, Bluecoat, Securecomputing, Dell, Tarantella, SUN

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5.0
2004-11-23 CVE-2004-0079 Cisco, Symantec, HP, Avaya, Freebsd, Openbsd, Redhat, SCO, Apple, 4D, Checkpoint, Lite, Neoteris, Novell, Openssl, SGI, Stonesoft, Vmware, Bluecoat, Securecomputing, Dell, Tarantella, SUN

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

5.0
2004-11-23 CVE-2004-0244 Cisco Improper Input Validation vulnerability in Cisco IOS 12.1E/12.2Sy/12.2Za

Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.

4.7
2004-11-23 CVE-2004-0314 Freewebs Cross-Site Scripting vulnerability in Webzedit

Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.

4.3
2004-11-23 CVE-2004-0203 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

4.3

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-11-23 CVE-2004-0415 Linux, Redhat, Trustix

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

2.1
2004-11-23 CVE-2004-0351 Spidersales Multiple vulnerability in Spidersales 2.0

Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.

2.1
2004-11-23 CVE-2004-0350 Spidersales Multiple vulnerability in Spidersales 2.0

SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.

2.1
2004-11-23 CVE-2004-0342 Texas Imperial Software Unspecified vulnerability in Texas Imperial Software Wftpd

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

2.1
2004-11-23 CVE-2004-0341 Texas Imperial Software Unspecified vulnerability in Texas Imperial Software Wftpd

WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.

2.1
2004-11-23 CVE-2004-0320 Ncipher Unspecified vulnerability in Ncipher Nshield

Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.

2.1
2004-11-23 CVE-2004-0299 Smallftpd Remote Denial Of Service vulnerability in Smallftpd 1.0.3

Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.

2.1
2004-11-23 CVE-2004-0289 Paul L Daniels Local Buffer Overflow vulnerability in Paul L Daniels Signaturedb 0.1.1

Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.

2.1
2004-11-23 CVE-2004-0283 Mailmgr Unspecified vulnerability in Mailmgr 1.2.3

Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.

2.1
2004-11-23 CVE-2004-0267 Broadcom Unspecified vulnerability in Broadcom Inoculateit 6.0

The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.

2.1
2004-11-23 CVE-2004-0256 GNU Local Insecure Temporary Directory Creation vulnerability in GNU LibTool

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.

2.1