Weekly Vulnerabilities Reports > January 17 to 23, 2005

Overview

18 new vulnerabilities were reported during this period, including 0 critical and 9 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 21 products from 18 vendors, including Redhat, GNU, Netgear, Yamt, and Oracle. Vulnerabilities are notably categorized as "Improper Input Validation".

  • 14 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 2 (GNU, Netgear and Yamt also appear twice each in this report).

Summary counters (values recovered from this report where available): total vulnerabilities 18; critical risk 0; high risk 9; medium risk 9; low risk 0; remotely exploitable 14; exploitable anonymously 18; locally exploitable, exploit available and affecting web application: counts not captured.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

(none reported this period)

9 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2005-01-22 | CVE-2005-0566 | Kmint21 Software | Remote Buffer Overflow vulnerability in Golden FTP Server | 7.5
    Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command.

2005-01-21 | CVE-2004-1185 | GNU | Multiple vulnerabilities in GNU Enscript | 7.5
    Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

2005-01-20 | CVE-2005-1847 | Yamt | Remote Security vulnerability in YAMT | 7.5
    Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.

2005-01-18 | CVE-2005-0297 | Oracle | Unspecified vulnerability in Oracle Database Server 10.2.1 | 7.5
    SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.

2005-01-18 | CVE-2005-0116 | Awstats | Improper Input Validation vulnerability in Awstats | 7.5
    AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to awstats.pl.

2005-01-17 | CVE-2005-0292 | PHP Gift Registry | SQL Injection vulnerability in PHP Gift Registry PHPgiftreg 1.4 | 7.5
    Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

2005-01-17 | CVE-2005-0290 | Netgear | Multiple vulnerabilities in Netgear Fvs318 2.4 | 7.5
    NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex-encoded URLs, as demonstrated using a hex-encoded file extension.

2005-01-22 | CVE-2005-0193 | Isync | Local Command Line Argument Buffer Overflow vulnerability in Isync Mrouter 1.5 | 7.2
    Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code.

2005-01-21 | CVE-2004-1057 | Linux, Redhat | Unspecified vulnerability in Linux Kernel Device Driver Virtual Memory Flags | 7.2
    Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.
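The Netgear filter-bypass entry (CVE-2005-0290) and the AWStats configdir entry (CVE-2005-0116) share one root cause: the input was inspected or used before it was decoded, so a hex-encoded byte never matched the policy. The following is an added example written for this report, not Netgear's or AWStats' code. It shows a raw-string extension filter being bypassed by a percent-encoded path, the same policy holding once the path is canonicalized (including double encoding), and a check that flags shell metacharacters in a decoded query parameter. The sample requests, the blocked-extension list and the metacharacter set are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample requests (not captured traffic): the raw request target as it
# arrives on the wire, before any decoding.
SAMPLE_REQUESTS = [
    "/reports/index.html",
    "/downloads/tool.exe",                            # plainly blocked extension
    "/downloads/tool%2Eexe",                          # '.' hex-encoded: invisible to a raw-string filter
    "/downloads/tool.%45%58%45",                      # extension letters hex-encoded ('EXE')
    "/downloads/tool%252Eexe",                        # double-encoded '.': %252E -> %2E -> .
    "/cgi-bin/awstats.pl?configdir=/etc/awstats",     # legitimate configdir value
    "/cgi-bin/awstats.pl?configdir=%7Cecho%3Bid%7C",  # '|echo;id|' percent-encoded
]

BLOCKED_EXTENSIONS = (".exe", ".vbs", ".scr")          # constructed policy
SHELL_METACHARS = re.compile(r"[|;&`$<>(){}\n]")       # characters a shell would interpret


def naive_blocked(request):
    """Filter that matches blocked extensions against the raw, undecoded path.
    This is the bypassable pattern: '%2E' is not '.' until something decodes it."""
    raw_path = request.split("?", 1)[0]
    return raw_path.lower().endswith(BLOCKED_EXTENSIONS)


def canonical_path(raw_path):
    """Percent-decode until the string stops changing, so double encoding cannot
    slip past, then lower-case so the comparison is case-insensitive."""
    decoded = raw_path
    while True:
        again = unquote(decoded)
        if again == decoded:
            return decoded.lower()
        decoded = again


def blocked_after_decode(request):
    """Same policy as naive_blocked, but applied to the canonical path."""
    return canonical_path(urlsplit(request).path).endswith(BLOCKED_EXTENSIONS)


def params_with_metachars(request):
    """Names of query parameters whose decoded value contains shell metacharacters.
    parse_qs percent-decodes values, so %7C is inspected as '|'."""
    params = parse_qs(urlsplit(request).query, keep_blank_values=True)
    return sorted(name for name, values in params.items()
                  if any(SHELL_METACHARS.search(v) for v in values))


def audit(requests=SAMPLE_REQUESTS):
    """Per-request verdicts from both filters plus the parameter check."""
    return [
        {"request": r,
         "naive_blocked": naive_blocked(r),
         "blocked_after_decode": blocked_after_decode(r),
         "suspicious_params": params_with_metachars(r)}
        for r in requests
    ]


if __name__ == "__main__":
    for verdict in audit():
        print(verdict)
```

Run as a script, the audit shows `tool%2Eexe`, `tool.%45%58%45` and `tool%252Eexe` passing the naive filter and failing the canonical one, and only the encoded configdir request being flagged for metacharacters. The decode-until-stable loop is the point: decoding exactly once still leaves the double-encoded case open.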

9 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2005-01-19 | CVE-2005-0191 | Realnetworks | Remote Security vulnerability in RealPlayer | 5.1
    Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.

2005-01-20 | CVE-2005-1846 | Yamt | Directory Traversal vulnerability in Yamt 0.5.2 | 5.0
    Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.

2005-01-20 | CVE-2005-0300 | Jsboard | Local File Include File Disclosure vulnerability in Jsboard 2.0.7/2.0.8/2.0.9 | 5.0
    Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence.

2005-01-19 | CVE-2005-0186 | Cisco | Denial-Of-Service vulnerability in IOS | 5.0
    Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.

2005-01-17 | CVE-2005-0296 | Novell | Remote Authentication Bypass vulnerability in Novell GroupWise WebAccess | 5.0
    ** DISPUTED ** NOTE: this issue has been disputed by the vendor.

2005-01-21 | CVE-2004-1184 | GNU, SGI, Redhat, Suse | Multiple vulnerabilities in GNU Enscript | 4.6
    The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

2005-01-17 | CVE-2005-0295 | Inca | Unspecified vulnerability in Inca Nprotect Gameguard | 4.6
    npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.

2005-01-17 | CVE-2005-0291 | Netgear | Multiple vulnerabilities in Netgear Fvs318 2.4 | 4.3
    Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.

2005-01-17 | CVE-2005-0221 | Gallery Project | Cross-Site Scripting vulnerability in Gallery Project Gallery 2.0Alpha | 4.3
    Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
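The JSBoard (CVE-2005-0300) and YaMT (CVE-2005-1846) entries above are directory traversal: a user-supplied path component reaches the filesystem without being confined to the directory the application expects, so `..` walks out of it (for reading in JSBoard's case, for overwriting via rename in YaMT's). The following is an added example, not JSBoard's or YaMT's code: a guard that percent-decodes, normalizes and confines a path to a base directory, returning the confined relative path or None. The base directory and the sample paths are constructed for the example; the base does not need to exist for the normalization to work.

```python
import os
from urllib.parse import unquote

# Constructed base directory for the example; any directory the application owns.
BASE_DIR = "/srv/jsboard/data"

# Constructed user-supplied values, as a 'table' or 'rename' parameter might carry them.
SAMPLE_PATHS = [
    "session/abc.txt",                       # ordinary relative name
    "sub/../ok.txt",                         # '..' that stays inside the base
    "../../../etc/passwd",                   # classic traversal
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",        # same, percent-encoded
    "/etc/passwd",                           # absolute path: join() would discard the base
    "session/abc.txt%00.jpg",                # NUL that a C-backed open() would truncate at
]


def resolve_under(base_dir, user_path):
    """Return user_path normalized and relative to base_dir if it stays inside
    base_dir, otherwise None.

    Decodes first so %2e%2e is seen as '..', rejects NUL, lets realpath collapse
    '..' and symlinks, and then checks the result by prefix against the base."""
    base = os.path.realpath(base_dir)
    decoded = unquote(user_path)
    if "\x00" in decoded:
        return None
    # os.path.join drops base when decoded is absolute; realpath then normalizes,
    # so an absolute or escaping path simply fails the prefix test below.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return os.path.relpath(candidate, base)


def audit_paths(base_dir=BASE_DIR, paths=SAMPLE_PATHS):
    """Map each sample path to its confined relative form, or None if rejected."""
    return {p: resolve_under(base_dir, p) for p in paths}


if __name__ == "__main__":
    for user_path, result in audit_paths().items():
        print("%-40r -> %s" % (user_path, "REJECTED" if result is None else result))
```

The prefix test must compare against `base + os.sep`, not `base` alone, or a sibling directory such as `/srv/jsboard/data2` would pass. For the rename case the same check applies to the destination name, since overwriting a file outside the base is the damage the YaMT entry describes.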

0 Low Vulnerabilities

(none reported this period)