Weekly Vulnerabilities Reports > February 21 to 27, 2005

Overview

25 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 35 products from 25 vendors including Cisco, E Merge, Debian, Linux, and Mediawiki. Vulnerabilities are notably categorized as and "Cross-site Scripting".

  • 15 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 25 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Argosoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-02-23 CVE-2005-0520 Argosoft Unspecified vulnerability in Argosoft FTP Server

ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.

10.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-02-25 CVE-2005-0107 Debian Unspecified vulnerability in Debian Bsmtpd 2.3

bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.

7.5
2005-02-23 CVE-2005-0516 Twiki Remote Security vulnerability in Imagegalleryplugin

The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails.

7.5
2005-02-22 CVE-2005-0535 Mediawiki
Gentoo
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
7.5
2005-02-21 CVE-2005-0537 Igeneric SQL-Injection vulnerability in Igeneric Free Shopping Cart 1.2

Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.

7.5
2005-02-21 CVE-2005-0512 Mambo Remote Security vulnerability in Mambo

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.

7.5
2005-02-21 CVE-2005-0511 Jelsoft Unspecified vulnerability in Jelsoft Vbulletin

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

7.5
2005-02-21 CVE-2005-0496 Knox Software Remote Security vulnerability in Arkeia

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

7.5
2005-02-21 CVE-2005-0494 Thomson Denial-Of-Service vulnerability in Thomson Cable Modem Tcw690

The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.

7.5
2005-02-21 CVE-2005-0467 Putty Remote Security vulnerability in PUTTY

Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.

7.5

8 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-02-22 CVE-2005-0160 E Merge Remote Buffer Overflow vulnerability in E-Merge Unace 1.2B

Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.

5.1
2005-02-24 CVE-2005-0600 Cisco Remote vulnerability in Cisco Application and Content Networking System

Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.

5.0
2005-02-24 CVE-2005-0598 Cisco Remote vulnerability in Cisco Application and Content Networking System

The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.

5.0
2005-02-25 CVE-2005-0579 Freenx Local Security vulnerability in FreeNX

nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.

4.6
2005-02-24 CVE-2005-0547 HP Restricted File Access vulnerability in HP-UX FTP Server

Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."

4.6
2005-02-21 CVE-2005-0503 UIM
Mandrakesoft
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
4.6
2005-02-24 CVE-2005-0543 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

4.3
2005-02-22 CVE-2005-0514 Verity Unspecified vulnerability in Verity Ultraseek 5.3.3

Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.

4.3

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-02-25 CVE-2005-0580 Krzysztof Dabrowski Local Security vulnerability in Cmd5Checkpw 0.20/0.21/0.22

cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.

2.1
2005-02-23 CVE-2005-0521 Sendlink SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
2.1
2005-02-23 CVE-2005-0518 Exeem Information Disclosure vulnerability in Exeem 0.21

eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.

2.1
2005-02-23 CVE-2005-0517 Peerftp 5 Unspecified vulnerability in Peerftp 5 Peerftp 5

PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.

2.1
2005-02-23 CVE-2004-0481 SUN Unspecified vulnerability in SUN Solaris and Sunos

The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

2.1
2005-02-22 CVE-2005-0161 E Merge Remote Directory Traversal vulnerability in E-Merge Unace 1.2B

Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.

2.1
2005-02-22 CVE-2005-0937 Linux Unspecified vulnerability in Linux Kernel

Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.

1.2