Weekly Vulnerabilities Reports > January 31 to February 6, 2005
Overview
4 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 4 vendors including HP, Squirrelmail, Ngircd, and Newspost. Vulnerabilities are notably categorized as .
- 4 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-03 | CVE-2005-0226 | Ngircd | Remote Format String vulnerability in Ngircd 0.8.2 Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. | 7.5 |
2005-02-02 | CVE-2005-0152 | Squirrelmail | Unspecified vulnerability in Squirrelmail 1.2.6 PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | 7.5 |
2005-02-01 | CVE-2005-0101 | Newspost | Remote Buffer Overflow vulnerability in Newspost Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character. | 7.5 |
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-01-31 | CVE-2005-0224 | HP | Denial-Of-Service vulnerability in HP Virtualvault 4.5/4.6/4.7 Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic. | 5.0 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|