Weekly Vulnerabilities Reports > February 14 to 20, 2005
Overview
23 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 21 products from 18 vendors including Citrusdb, Yahoo, Francisco Burzi, Linux, and Microsoft. Vulnerabilities are notably categorized as "Use of Password Hash With Insufficient Computational Effort", and "Improper Cross-boundary Removal of Sensitive Data".
- 18 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities are exploitable by an anonymous user.
- Citrusdb has the most reported vulnerabilities, with 4 reported vulnerabilities.
- Argosoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-02-18 | CVE-2005-0519 | Argosoft | Unspecified vulnerability in Argosoft FTP Server ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520. | 10.0 |
| 2005-02-14 | CVE-2005-0408 | Citrusdb | Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6 CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. | 9.8 |
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-02-19 | CVE-2005-0513 | Pmachine | Remote File Include vulnerability in Pmachine PRO 2.4 PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. | 7.5 |
| 2005-02-14 | CVE-2005-0411 | Citrusdb | Unspecified vulnerability in Citrusdb Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. | 7.5 |
18 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-02-14 | CVE-2005-0409 | Citrusdb | Unspecified vulnerability in Citrusdb CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | 6.4 |
| 2005-02-14 | CVE-2005-0406 | Image Processing Project | Improper Cross-boundary Removal of Sensitive Data vulnerability in Image Processing Project Image Processing A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image. | 5.5 |
| 2005-02-20 | CVE-2005-0499 | Gigafast Ethernet | Denial-Of-Service vulnerability in Gigafast Router Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | 5.0 |
| 2005-02-18 | CVE-2005-0502 | Xinkaa WEB Station | Directory Traversal vulnerability in Xinkaa web Station Xinkaa web Station 1.0.3 Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | 5.0 |
| 2005-02-17 | CVE-2005-0243 | Yahoo | Unspecified vulnerability in Yahoo Messenger Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions. | 5.0 |
| 2005-02-16 | CVE-2005-0453 | Lighttpd | Remote Security vulnerability in Lighttpd 1.3.7 The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. | 5.0 |
| 2005-02-15 | CVE-2005-0447 | SUN | Remote Denial Of Service vulnerability in Sun Solaris ARP Handling Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets. | 5.0 |
| 2005-02-15 | CVE-2005-0433 | Francisco Burzi | Cross-Site Scripting vulnerability in PHP-Nuke Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. | 5.0 |
| 2005-02-15 | CVE-2005-0176 | Linux | Multiple vulnerability in Linux Kernel 2.6.9 The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. | 5.0 |
| 2005-02-15 | CVE-2005-0149 | Mozilla | Unspecified vulnerability in Mozilla and Thunderbird Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | 5.0 |
| 2005-02-14 | CVE-2005-0410 | Citrusdb | Unspecified vulnerability in Citrusdb SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | 5.0 |
| 2005-02-18 | CVE-2005-0242 | Yahoo | Unspecified vulnerability in Yahoo Messenger The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions. | 4.6 |
| 2005-02-16 | CVE-2005-0105 | Typespeed | Unspecified vulnerability in Typespeed 0.4.1 Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges. | 4.6 |
| 2005-02-14 | CVE-2005-0444 | Vmware | Local Security vulnerability in Workstation VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | 4.6 |
| 2005-02-19 | CVE-2005-0495 | Zeroboard | Cross-Site Scripting vulnerability in Zeroboard Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | 4.3 |
| 2005-02-17 | CVE-2005-0462 | Mercuryboard | Cross-Site Scripting vulnerability in Mercuryboard 1.0/1.1/1.1.1 Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter. | 4.3 |
| 2005-02-16 | CVE-2005-0452 | Microsoft | Cross-Site Scripting vulnerability in Microsoft ASP.NET Unicode Character Conversion Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | 4.3 |
| 2005-02-15 | CVE-2005-0434 | Francisco Burzi | Cross-Site Scripting vulnerability in PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | 4.3 |
1 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-02-19 | CVE-2005-0092 | Redhat | Multiple vulnerability in Red Hat Enterprise Linux Kernel Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash). | 2.1 |