Weekly Vulnerabilities Reports > January 17 to 23, 2005
Overview
17 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 19 products from 17 vendors including Redhat, Netgear, GNU, Yamt, and Linux. Vulnerabilities are notably categorized as and "Improper Input Validation".
- 13 reported vulnerabilities are remotely exploitables.
- 17 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
9 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-01-22 | CVE-2005-0566 | Kmint21 Software | Remote Buffer Overflow vulnerability in Golden FTP Server Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command. | 7.5 |
| 2005-01-21 | CVE-2004-1185 | GNU | Multiple vulnerability in GNU Enscript Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | 7.5 |
| 2005-01-20 | CVE-2005-1847 | Yamt | Remote Security vulnerability in YAMT Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options. | 7.5 |
| 2005-01-18 | CVE-2005-0297 | Oracle | Unspecified vulnerability in Oracle Database Server 10.2.1 SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | 7.5 |
| 2005-01-18 | CVE-2005-0116 | Awstats | Improper Input Validation vulnerability in Awstats AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. | 7.5 |
| 2005-01-17 | CVE-2005-0292 | PHP Gift Registry | SQL Injection vulnerability in PHP Gift Registry PHPgiftreg 1.4 Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters. | 7.5 |
| 2005-01-17 | CVE-2005-0290 | Netgear | Multiple vulnerability in Netgear Fvs318 2.4 NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | 7.5 |
| 2005-01-22 | CVE-2005-0193 | Isync | Local Command Line Argument Buffer Overflow vulnerability in Isync Mrouter 1.5 Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. | 7.2 |
| 2005-01-21 | CVE-2004-1057 | Linux Redhat | Unspecified vulnerability in Linux Kernel Device Driver Virtual Memory Flags Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | 7.2 |
8 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-01-19 | CVE-2005-0191 | Realnetworks | Remote Security vulnerability in RealPlayer Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag. | 5.1 |
| 2005-01-20 | CVE-2005-1846 | Yamt | Directory Traversal vulnerability in Yamt 0.5.2 Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | 5.0 |
| 2005-01-20 | CVE-2005-0300 | Jsboard | Local File Include File Disclosure vulnerability in Jsboard 2.0.7/2.0.8/2.0.9 Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2005-01-19 | CVE-2005-0186 | Cisco | Denial-Of-Service vulnerability in IOS Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. | 5.0 |
| 2005-01-21 | CVE-2004-1184 | GNU SGI Redhat Suse | Multiple vulnerability in GNU Enscript The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | 4.6 |
| 2005-01-17 | CVE-2005-0295 | Inca | Unspecified vulnerability in Inca Nprotect Gameguard npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. | 4.6 |
| 2005-01-17 | CVE-2005-0291 | Netgear | Multiple vulnerability in Netgear Fvs318 2.4 Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | 4.3 |
| 2005-01-17 | CVE-2005-0221 | Gallery Project | Cross-Site Scripting vulnerability in Gallery Project Gallery 2.0Alpha Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. | 4.3 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|