Weekly Vulnerabilities Reports > February 21 to 27, 2005
Overview
24 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 34 products from 24 vendors including Cisco, E Merge, Mediawiki, HP, and Debian. Vulnerabilities are notably categorized as "Use of Hard-coded Credentials" and "Cross-site Scripting".
- 15 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 24 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Argosoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-23 | CVE-2005-0520 | Argosoft | Unspecified vulnerability in Argosoft FTP Server: ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519. | 10.0 |
2005-02-21 | CVE-2005-0496 | Arkeia | Use of Hard-coded Credentials vulnerability in Arkeia Network Backup 5.0: Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | 9.8 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-25 | CVE-2005-0107 | Debian | Unspecified vulnerability in Debian Bsmtpd 2.3: bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands. | 7.5 |
2005-02-23 | CVE-2005-0516 | Twiki | Remote Security vulnerability in Imagegalleryplugin: The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | 7.5 |
2005-02-22 | CVE-2005-0535 | Mediawiki Gentoo | Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | 7.5 |
2005-02-21 | CVE-2005-0537 | Igeneric | SQL-Injection vulnerability in Igeneric Free Shopping Cart 1.2: Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | 7.5 |
2005-02-21 | CVE-2005-0512 | Mambo | Remote Security vulnerability in Mambo: PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | 7.5 |
2005-02-21 | CVE-2005-0511 | Jelsoft | Unspecified vulnerability in Jelsoft Vbulletin: misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | 7.5 |
2005-02-21 | CVE-2005-0494 | Thomson | Denial-Of-Service vulnerability in Thomson Cable Modem Tcw690: The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request. | 7.5 |
2005-02-21 | CVE-2005-0467 | Putty | Remote Security vulnerability in PUTTY: Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | 7.5 |
8 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-22 | CVE-2005-0160 | E Merge | Remote Buffer Overflow vulnerability in E-Merge Unace 1.2B: Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. | 5.1 |
2005-02-24 | CVE-2005-0600 | Cisco | Remote vulnerability in Cisco Application and Content Networking System: Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded. | 5.0 |
2005-02-24 | CVE-2005-0598 | Cisco | Remote vulnerability in Cisco Application and Content Networking System: The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets. | 5.0 |
2005-02-25 | CVE-2005-0579 | Freenx | Local Security vulnerability in FreeNX: nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. | 4.6 |
2005-02-24 | CVE-2005-0547 | HP | Restricted File Access vulnerability in HP-UX FTP Server: Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files." | 4.6 |
2005-02-21 | CVE-2005-0503 | UIM Mandrakesoft | uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. | 4.6 |
2005-02-24 | CVE-2005-0543 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php. | 4.3 |
2005-02-22 | CVE-2005-0514 | Verity | Unspecified vulnerability in Verity Ultraseek 5.3.3: Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. | 4.3 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-02-25 | CVE-2005-0580 | Krzysztof Dabrowski | Local Security vulnerability in Cmd5Checkpw 0.20/0.21/0.22: cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | 2.1 |
2005-02-23 | CVE-2005-0521 | Sendlink | SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges. | 2.1 |
2005-02-23 | CVE-2005-0518 | Exeem | Information Disclosure vulnerability in Exeem 0.21: eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values. | 2.1 |
2005-02-23 | CVE-2005-0517 | Peerftp 5 | Unspecified vulnerability in Peerftp 5 Peerftp 5: PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges. | 2.1 |
2005-02-23 | CVE-2004-0481 | SUN | Unspecified vulnerability in SUN Solaris and Sunos: The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. | 2.1 |
2005-02-22 | CVE-2005-0161 | E Merge | Remote Directory Traversal vulnerability in E-Merge Unace 1.2B: Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames. | 2.1 |