Weekly Vulnerabilities Reports > January 31 to February 6, 2005

Overview

5 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 5 products from 5 vendors including HP, Postgresql, Squirrelmail, Ngircd, and Newspost. Vulnerabilities are notably categorized as .

  • 5 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-02-03 CVE-2005-0226 Ngircd Remote Format String vulnerability in Ngircd 0.8.2

Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.

7.5
2005-02-02 CVE-2005-0152 Squirrelmail Unspecified vulnerability in Squirrelmail 1.2.6

PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."

7.5
2005-02-01 CVE-2005-0245 Postgresql Remote vulnerability in PostgreSQL

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

7.5
2005-02-01 CVE-2005-0101 Newspost Remote Buffer Overflow vulnerability in Newspost

Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.

7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-01-31 CVE-2005-0224 HP Denial-Of-Service vulnerability in HP Virtualvault 4.5/4.6/4.7

Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.

5.0

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS