Weekly Vulnerabilities Reports > November 22 to 28, 2004
Overview
131 new vulnerabilities were reported during this period, including 42 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 194 products from 118 vendors including Cisco, Apple, Redhat, Dell, and Microsoft. Vulnerabilities are notably categorized as "Off-by-one Error", "Improper Input Validation", "NULL Pointer Dereference", "Inclusion of Functionality from Untrusted Control Sphere", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 114 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 128 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 7 reported vulnerabilities.
- GNU has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
42 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-24 | CVE-2004-0308 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. | 10.0 |
2004-11-23 | CVE-2004-0771 | Tsugio Okamoto | extract_one Buffer Overflow vulnerability in Tsugio Okamoto LHA 1.14/1.15/1.17 Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. | 10.0 |
2004-11-23 | CVE-2004-0636 | AOL | Unspecified vulnerability in AOL Instant Messenger 5.5/5.5.3415Beta/5.5.3595 Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message. | 10.0 |
2004-11-23 | CVE-2004-0597 | Greg Roelofs Microsoft | Remote vulnerability in LibPNG Graphics Library Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | 10.0 |
2004-11-23 | CVE-2004-0357 | Seattle LAB Software | Buffer Overflow vulnerability in Seattle LAB Software Slmail PRO 2.0.9 Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. | 10.0 |
2004-11-23 | CVE-2004-0356 | Seattle LAB Software | Remote Buffer Overflow vulnerability in Seattle Lab Software SLMail Pro Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version. | 10.0 |
2004-11-23 | CVE-2004-0354 | GNU | Remote Buffer Overflow and Format String vulnerability in GNU Anubis Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | 10.0 |
2004-11-23 | CVE-2004-0353 | GNU | Remote Buffer Overflow and Format String vulnerability in GNU Anubis Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. | 10.0 |
2004-11-23 | CVE-2004-0348 | Spidersales | Multiple vulnerability in Spidersales 2.0 SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter. | 10.0 |
2004-11-23 | CVE-2004-0345 | Volition | Remote Buffer Overflow vulnerability in Volition RED Faction 1.0/1.1/1.20 Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. | 10.0 |
2004-11-23 | CVE-2004-0343 | Yabb | Input Validation vulnerability in Yabb 1.5.4/1.5.5/1.5.5B Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. | 10.0 |
2004-11-23 | CVE-2004-0338 | Invision Power Services | SQL Injection vulnerability in Invision Power Board Search.PHP st SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. | 10.0 |
2004-11-23 | CVE-2004-0333 | Openpkg Uudeview Winzip Gentoo | Buffer Overrun vulnerability in UUDeview MIME Archive Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. | 10.0 |
2004-11-23 | CVE-2004-0332 | Extremail | Authentication Bypass vulnerability in eXtremail Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | 10.0 |
2004-11-23 | CVE-2004-0330 | Solarwinds | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. | 10.0 |
2004-11-23 | CVE-2004-0326 | Proxy PRO | Buffer Overrun vulnerability in Proxy-Pro Professional Gatekeeper 4.7 Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request. | 10.0 |
2004-11-23 | CVE-2004-0318 | Platform | Privilege Escalation vulnerability in Platform Load Sharing Facility EAuth Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges. | 10.0 |
2004-11-23 | CVE-2004-0317 | Platform | Buffer Overflow vulnerability in Platform Load Sharing Facility EAuth Component Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter. | 10.0 |
2004-11-23 | CVE-2004-0315 | Avirt | Remote Buffer Overrun vulnerability in Avirt Voice 4.0 Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080. | 10.0 |
2004-11-23 | CVE-2004-0313 | Psoproxy | Remote Buffer Overflow vulnerability in Psoproxy Server 0.91 Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name. | 10.0 |
2004-11-23 | CVE-2004-0311 | APC | Unspecified vulnerability in APC Ap9606 3.0/3.0.1 American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. | 10.0 |
2004-11-23 | CVE-2004-0309 | Zonelabs | Remote Buffer Overflow vulnerability in Zone Labs ZoneAlarm SMTP Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument. | 10.0 |
2004-11-23 | CVE-2004-0304 | Webcortex | SQL Injection vulnerability in Webcortex Webstores 2000 6.0 SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. | 10.0 |
2004-11-23 | CVE-2004-0300 | Ecommerce Corporation Online | Multiple vulnerability in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php. | 10.0 |
2004-11-23 | CVE-2004-0297 | Ipswitch | Remote LDAP Daemon Buffer Overflow vulnerability in Ipswitch Imail 8.0.3/8.0.5 Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. | 10.0 |
2004-11-23 | CVE-2004-0292 | Karjasoft | Buffer Overflow vulnerability in Karjasoft Sami Http Server 1.0.4 Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | 10.0 |
2004-11-23 | CVE-2004-0290 | Freeform Interactive | Remote Buffer Overflow vulnerability in Freeform Interactive Purge and Purge Jihad Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields. | 10.0 |
2004-11-23 | CVE-2004-0288 | Mnogosearch | Buffer Overflow vulnerability in mnoGoSearch UdmDocToTextBuf Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document. | 10.0 |
2004-11-23 | CVE-2004-0286 | Robotftp | Buffer Overflow vulnerability in RobotFTP Server Username Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username. | 10.0 |
2004-11-23 | CVE-2004-0277 | Bolintech | Unspecified vulnerability in Bolintech Dream FTP Server 1.02 Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username. | 10.0 |
2004-11-23 | CVE-2004-0262 | THE Palace | Remote Buffer Overflow vulnerability in the Palace the Palace Client 3.5 Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string. | 10.0 |
2004-11-23 | CVE-2004-0261 | Openjournal | Authentication Bypassing vulnerability in OpenJournal oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter. | 10.0 |
2004-11-23 | CVE-2004-0253 | IBM | Remote Command Execution vulnerability in IBM Cloudscape 5.1 IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. | 10.0 |
2004-11-23 | CVE-2004-0250 | Photopost | SQL Injection vulnerability in All Enthusiast Photopost PHP Pro SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. | 10.0 |
2004-11-23 | CVE-2004-0249 | Phpx | Multiple vulnerability in PHPx 3.2.3 PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. | 10.0 |
2004-11-23 | CVE-2004-0246 | Laurent Adda | Module File Include vulnerability in Laurent Adda LES Commentaires 2.0 Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter. | 10.0 |
2004-11-23 | CVE-2004-0241 | Qualiteam | Remote Command Execution vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | 10.0 |
2004-11-23 | CVE-2004-0239 | Photopost | SQL Injection vulnerability in All Enthusiast Photopost PHP Pro SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | 10.0 |
2004-11-23 | CVE-2004-0236 | Steelid | SQL Injection vulnerability in SteelID thePhotoTool Login.ASP SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field. | 10.0 |
2004-11-23 | CVE-2004-0285 | Allmyguests Project Allmylinks Project Allmyvisitors Project | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | 9.8 |
2004-11-23 | CVE-2004-0273 | Realnetworks | Path Traversal vulnerability in Realnetworks products Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. | 9.3 |
2004-11-23 | CVE-2004-0259 | JOE Lumbroso Acks | Remote File Upload vulnerability in JOE Lumbroso Acks Formmail.PHP 2.0/5.0 The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0346 | Proftpd | Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9 Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | 7.8 |
2004-11-23 | CVE-2004-0258 | Realnetworks | Buffer Overrun vulnerability in Multiple RealPlayer/RealOne Player Supported File Type Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. | 7.6 |
2004-11-23 | CVE-2004-0494 | Avaya Redhat | Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | 7.5 |
2004-11-23 | CVE-2004-0274 | Eggheads | Unspecified vulnerability in Eggheads Eggdrop IRC BOT Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | 7.5 |
2004-11-23 | CVE-2004-0272 | Maxwebportal | Input Validation vulnerability in Maxwebportal 1.30/1.31 SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages. | 7.5 |
2004-11-23 | CVE-2004-0079 | Cisco Symantec HP Avaya Redhat Freebsd Openbsd Apple SCO 4D Checkpoint Dell Lite Neoteris Novell Openssl SGI Stonesoft Tarantella Vmware Bluecoat Securecomputing SUN | NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
2004-11-23 | CVE-2004-0360 | SUN | Passwd Local Root Compromise vulnerability in Sun Solaris Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. | 7.2 |
2004-11-23 | CVE-2004-0340 | Texas Imperial Software | Unspecified vulnerability in Texas Imperial Software Wftpd Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. | 7.2 |
2004-11-23 | CVE-2004-0328 | Gigabyte | Authentication Bypass vulnerability in Gigabyte Gn-B46B 1.003.00 Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system. | 7.2 |
2004-11-23 | CVE-2004-0279 | AIM Sniff | Unspecified vulnerability in AIM Sniff AIM Sniff AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log. | 7.2 |
2004-11-23 | CVE-2004-0238 | 0Verkill | Local Buffer Overflow vulnerability in 0Verkill 0.16 Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function. | 7.2 |
69 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0359 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters. | 6.8 |
2004-11-23 | CVE-2004-0358 | Virtuasystems | Module Cross-Site Scripting vulnerability in VirtuaSystems VirtuaNews Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php. | 6.8 |
2004-11-23 | CVE-2004-0339 | Phpbb Group | Cross-Site Scripting vulnerability in PHPBB Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | 6.8 |
2004-11-23 | CVE-2004-0337 | Software602 | Cross-Site Scripting vulnerability in Software602 602Pro LAN Suite Web Mail Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. | 6.8 |
2004-11-23 | CVE-2004-0319 | Ezboard | HTML Injection vulnerability in Ezboard 7.3U Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument. | 6.8 |
2004-11-23 | CVE-2004-0310 | Livejournal | HTML Injection vulnerability in LiveJournal Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url. | 6.8 |
2004-11-23 | CVE-2004-0305 | Webcortex | Cross-Site Scripting vulnerability in Webcortex Webstores 2000 6.0 Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter. | 6.8 |
2004-11-23 | CVE-2004-0301 | Ecommerce Corporation Online | Multiple vulnerability in Ecommerce Corporation Online Store KIT 3.0Lite/3.0Pro/3.0Standard Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter. | 6.8 |
2004-11-23 | CVE-2004-0271 | Maxwebportal | Input Validation vulnerability in Maxwebportal 1.30/1.31 Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form. | 6.8 |
2004-11-23 | CVE-2004-0265 | Francisco Burzi | Cross-Site Scripting vulnerability in PHP-Nuke 'News' Module Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | 6.8 |
2004-11-23 | CVE-2004-0254 | Crosscom Olicom | Cross-Site Scripting vulnerability in Crosscom Olicom Discuz 2.0/3.0 Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. | 6.8 |
2004-11-23 | CVE-2004-0251 | Rxgoogle CGI | Cross-Site Scripting vulnerability in Rxgoogle.Cgi 1.0 Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. | 6.8 |
2004-11-23 | CVE-2004-0248 | Phpx | Multiple vulnerability in PHPx 3.2.3 Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | 6.8 |
2004-11-23 | CVE-2004-0344 | Yabb | Input Validation vulnerability in Yabb 1.5.5/1.5.5B Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. | 6.4 |
2004-11-23 | CVE-2004-0312 | Linksys | Unspecified vulnerability in Linksys Wap55Ag 1.0.7 Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | 6.4 |
2004-11-23 | CVE-2004-0269 | Francisco Burzi | SQL Injection vulnerability in PHPNuke Category Parameter SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | 6.4 |
2004-11-23 | CVE-2004-0347 | Netscreen | Cross-Site Scripting vulnerability in NetScreen SA 5000 Series delhomepage.cgi Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter. | 6.0 |
2004-11-23 | CVE-2004-0342 | Wftpd PRO Server Project | Off-by-one Error vulnerability in Wftpd PRO Server Project Wftpd PRO Server 3.21 WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | 5.5 |
2004-11-23 | CVE-2004-0744 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | 5.0 |
2004-11-23 | CVE-2004-0743 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak. | 5.0 |
2004-11-23 | CVE-2004-0599 | Greg Roelofs | Remote vulnerability in LibPNG Graphics Library Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | 5.0 |
2004-11-23 | CVE-2004-0598 | Greg Roelofs | Remote vulnerability in LibPNG Graphics Library The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | 5.0 |
2004-11-23 | CVE-2004-0361 | Apple | Denial Of Service vulnerability in Apple Safari Large JavaScript Array Handling The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | 5.0 |
2004-11-23 | CVE-2004-0355 | Invision Power Services | Path Disclosure vulnerability in Invision Power Services Invision Board 1.3 Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message. | 5.0 |
2004-11-23 | CVE-2004-0352 | Cisco | Denial Of Service vulnerability in Cisco Content Service Switch Management Port UDP Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | 5.0 |
2004-11-23 | CVE-2004-0349 | Gweb | Directory Traversal vulnerability in Gweb Http Server 0.5/0.6 Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. | 5.0 |
2004-11-23 | CVE-2004-0336 | Software602 | Path Disclosure vulnerability in Software602 602Pro LAN Suite Web Mail Installation LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | 5.0 |
2004-11-23 | CVE-2004-0335 | Software602 | Remote Security vulnerability in 602Pro Lan Suite LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. | 5.0 |
2004-11-23 | CVE-2004-0334 | Innomedia | Security Bypass vulnerability in Innomedia Videophone Au75200Xvi04010X InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). | 5.0 |
2004-11-23 | CVE-2004-0331 | Dell | Heap Overflow vulnerability in Dell OpenManage Web Server POST Request Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable. | 5.0 |
2004-11-23 | CVE-2004-0329 | Freechat | Remote Denial Of Service vulnerability in Freechat 0.1.1A/1.1.1A FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa". | 5.0 |
2004-11-23 | CVE-2004-0327 | Skintech | Unspecified vulnerability in Skintech PHPnewsmanager 1.36 Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. | 5.0 |
2004-11-23 | CVE-2004-0321 | Singularity Software | Unspecified vulnerability in Singularity Software Team Factor 1.25/1.25M Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. | 5.0 |
2004-11-23 | CVE-2004-0316 | Avirt | Buffer Overrun vulnerability in Avirt Soho 4.3 Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080. | 5.0 |
2004-11-23 | CVE-2004-0307 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | 5.0 |
2004-11-23 | CVE-2004-0306 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. | 5.0 |
2004-11-23 | CVE-2004-0303 | Fools Workshop | Remote File Disclosure vulnerability in Owl's Workshop OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | 5.0 |
2004-11-23 | CVE-2004-0302 | Fools Workshop | Remote File Disclosure vulnerability in Fools Workshop Owls Workshop 1.0 Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2004-11-23 | CVE-2004-0298 | Aclogic | Remote Resource Exhaustion vulnerability in Aclogic Cesarftp 0.99E CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter. | 5.0 |
2004-11-23 | CVE-2004-0296 | Transsoft | Denial of Service vulnerability in Transsoft Broker FTP Server 6.1.0.0 TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection. | 5.0 |
2004-11-23 | CVE-2004-0295 | Transsoft | Denial of Service vulnerability in Transsoft Broker FTP Server 6.1.0.0 TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection. | 5.0 |
2004-11-23 | CVE-2004-0293 | Shopcartcgi | Remote File Disclosure vulnerability in Shopcartcgi 2.3 Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. | 5.0 |
2004-11-23 | CVE-2004-0291 | Yabb | SQL Injection vulnerability in YABB SE Quote Parameter SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. | 5.0 |
2004-11-23 | CVE-2004-0287 | Xlight FTP Server | Remote Send File Request Denial Of Service vulnerability in Xlight FTP Server Xlight FTP Server 1.52 Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow. | 5.0 |
2004-11-23 | CVE-2004-0284 | Microsoft | Unspecified vulnerability in Microsoft IE, Internet Explorer and Outlook Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. | 5.0 |
2004-11-23 | CVE-2004-0282 | Crob | Remote Denial Of Service vulnerability in Crob FTP Server 3.5.2 Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server. | 5.0 |
2004-11-23 | CVE-2004-0281 | Caucho | Unspecified vulnerability in Caucho Resin 2.1.12 Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. | 5.0 |
2004-11-23 | CVE-2004-0280 | Caucho Technology | Unspecified vulnerability in Caucho Technology Resin 2.1.12 Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. | 5.0 |
2004-11-23 | CVE-2004-0278 | Ratbag | Denial of Service vulnerability in Ratbag Game Engine Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Sprint Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data. | 5.0 |
2004-11-23 | CVE-2004-0276 | Monkey Project | Improper Input Validation vulnerability in Monkey-Project Monkey The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | 5.0 |
2004-11-23 | CVE-2004-0275 | Bosdev | SQL Injection vulnerability in Bosdev Bosdates 3.0/3.1/3.2 SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter. | 5.0 |
2004-11-23 | CVE-2004-0270 | Clam Anti Virus | Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.65 libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | 5.0 |
2004-11-23 | CVE-2004-0268 | Evolutionx | Remote Buffer Overflow vulnerability in EvolutionX Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server. | 5.0 |
2004-11-23 | CVE-2004-0266 | Francisco Burzi | SQL Injection vulnerability in PHP-Nuke Public Message SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | 5.0 |
2004-11-23 | CVE-2004-0264 | JIM Rees Shaun2K2 | Remote Denial of Service vulnerability in Shaun2k2 Palmhttpd Server palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. | 5.0 |
2004-11-23 | CVE-2004-0263 | Apache IBM | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | 5.0 |
2004-11-23 | CVE-2004-0260 | Cactusoft | Remote Arbitrary File Deletion Backdoor vulnerability in Cactusoft Cactushop Lite 5.0 The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||. | 5.0 |
2004-11-23 | CVE-2004-0257 | Netbsd Openbsd | Remote Denial Of Service vulnerability in BSD ICMPV6 Handling Routines OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. | 5.0 |
2004-11-23 | CVE-2004-0255 | Xlight FTP Server | Remote Denial Of Service vulnerability in XLight FTP Server Long Directory Request Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . | 5.0 |
2004-11-23 | CVE-2004-0252 | Typsoft | Remote Denial Of Service vulnerability in Typsoft FTP Server 1.1 TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name. | 5.0 |
2004-11-23 | CVE-2004-0247 | Cauldron | Remote Denial Of Service vulnerability in Cauldron Chaser Client and Chaser Server The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory. | 5.0 |
2004-11-23 | CVE-2004-0245 | WEB Crossing INC | Remote Denial Of Service vulnerability in Web Crossing Web Server Component Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending an HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero. | 5.0 |
2004-11-23 | CVE-2004-0242 | Qualiteam | Remote Information Disclosure vulnerability in Qualiteam X-Cart X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | 5.0 |
2004-11-23 | CVE-2004-0240 | Qualiteam | Directory Traversal vulnerability in X-Cart Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. | 5.0 |
2004-11-23 | CVE-2004-0237 | Aprox Portal | Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter. | 5.0 |
2004-11-23 | CVE-2004-0081 | Cisco Symantec HP Avaya Freebsd Openbsd Redhat SCO Apple 4D Checkpoint Lite Neoteris Novell Openssl SGI Stonesoft Vmware Bluecoat Securecomputing Dell Tarantella SUN | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | 5.0 |
2004-11-23 | CVE-2004-0244 | Cisco | Improper Input Validation vulnerability in Cisco IOS 12.1E/12.2Sy/12.2Za Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. | 4.7 |
2004-11-23 | CVE-2004-0314 | Freewebs | Cross-Site Scripting vulnerability in Webzedit Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter. | 4.3 |
2004-11-23 | CVE-2004-0203 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-11-23 | CVE-2004-0415 | Linux Redhat Trustix | Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | 2.1 |
2004-11-23 | CVE-2004-0351 | Spidersales | Multiple vulnerability in Spidersales 2.0 Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data. | 2.1 |
2004-11-23 | CVE-2004-0350 | Spidersales | Multiple vulnerability in Spidersales 2.0 SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring. | 2.1 |
2004-11-23 | CVE-2004-0341 | Texas Imperial Software | Unspecified vulnerability in Texas Imperial Software Wftpd WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. | 2.1 |
2004-11-23 | CVE-2004-0320 | Ncipher | Unspecified vulnerability in Ncipher Nshield Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands. | 2.1 |
2004-11-23 | CVE-2004-0299 | Smallftpd | Remote Denial Of Service vulnerability in Smallftpd 1.0.3 Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters. | 2.1 |
2004-11-23 | CVE-2004-0289 | Paul L Daniels | Local Buffer Overflow vulnerability in Paul L Daniels Signaturedb 0.1.1 Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter. | 2.1 |
2004-11-23 | CVE-2004-0283 | Mailmgr | Unspecified vulnerability in Mailmgr 1.2.3 Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort. | 2.1 |
2004-11-23 | CVE-2004-0256 | GNU | Local Insecure Temporary Directory Creation vulnerability in GNU LibTool GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. | 2.1 |