Weekly Vulnerabilities Reports > February 14 to 20, 2005
Overview
2 new vulnerabilities were reported during this period, including 1 critical vulnerability and 0 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 2 products from 2 vendors, including Image Processing Project and Citrusdb. Vulnerabilities are notably categorized as "Use of Password Hash With Insufficient Computational Effort" and "Improper Cross-boundary Removal of Sensitive Data".
- 1 reported vulnerability is remotely exploitable.
- 1 reported vulnerability is exploitable by an anonymous user.
- Image Processing Project has the most reported vulnerabilities, with 1 reported vulnerability.
- Citrusdb has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-14 | CVE-2005-0408 | Citrusdb | Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6. CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | 9.8 |
0 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
1 Medium Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-14 | CVE-2005-0406 | Image Processing Project | Improper Cross-boundary Removal of Sensitive Data vulnerability in Image Processing Project Image Processing. A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|