Weekly Vulnerabilities Reports > March 7 to 13, 2005
Overview
34 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 53 products from 34 vendors including Linux, Hosting Controller, PHP Arena, Abuse, and Redhat. Vulnerabilities are notably categorized as and "Code Injection".
- 26 reported vulnerabilities are remotely exploitables.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-10 | CVE-2005-0774 | Photopost | Remote vulnerability in Photopost PHP PRO 5.0Rc3 SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
2005-03-10 | CVE-2005-0748 | Webinsta | Code Injection vulnerability in Webinsta Mailing Manager 1.3D PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-03-08 | CVE-2005-0725 | WF Sections | SQL-Injection vulnerability in Wf-Sections 1.07 SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. | 7.5 |
2005-03-08 | CVE-2005-0720 | Mcnews | Code Injection vulnerability in Mcnews 1.3 PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2005-03-08 | CVE-2005-0696 | Argosoft | Remote Buffer Overrun vulnerability in Argosoft FTP Server 1.4.2.29/1.4.2.8/1.4.3.5 Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. | 7.5 |
2005-03-08 | CVE-2005-0685 | Outstart | Access Validation vulnerability in Outstart Participate Enterprise 3 Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands. | 7.5 |
2005-03-07 | CVE-2005-0697 | BRT | SQL-Injection vulnerability in BRT Copperexport 0.1/0.2 SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters. | 7.5 |
2005-03-07 | CVE-2005-0693 | Jowood Productions | Remote Buffer Overflow vulnerability in JoWood Chaser 1.0/1.50 Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname. | 7.5 |
2005-03-07 | CVE-2005-0689 | Jimmy | Remote Command Execution vulnerability in The Includer 1.0/1.1 includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter. | 7.5 |
2005-03-07 | CVE-2005-0686 | Mlterm | Remote Security vulnerability in mlterm Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background. | 7.5 |
2005-03-07 | CVE-2005-0680 | Stadtaus | PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | 7.5 |
17 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-07 | CVE-2005-0667 | Sylpheed Sylpheed Claws Altlinux Gentoo Redhat | Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | 5.1 |
2005-03-12 | CVE-2005-0780 | PHP Arena | Unspecified vulnerability in PHP Arena Pafiledb paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message. | 5.0 |
2005-03-10 | CVE-2005-0731 | PY Software | Denial-Of-Service vulnerability in PY Software Active Webcam 5.5 PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. | 5.0 |
2005-03-08 | CVE-2005-0747 | Applyyourself | Information Disclosure vulnerability in I-Class ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. | 5.0 |
2005-03-07 | CVE-2005-0722 | Experience2 | Remote Security vulnerability in Experience2 eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. | 5.0 |
2005-03-07 | CVE-2005-0703 | Xerox | Remote Security vulnerability in WorkCentre 40 Color Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | 5.0 |
2005-03-07 | CVE-2005-0702 | Phpmyfaq | SQL-Injection vulnerability in phpMyFAQ SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. | 5.0 |
2005-03-07 | CVE-2005-0701 | Oracle | Unspecified vulnerability in Oracle Database Server Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | 5.0 |
2005-03-07 | CVE-2005-0700 | Aztek Forum | Unspecified vulnerability in Aztek Forum Aztek Forum 4.0 The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie. | 5.0 |
2005-03-07 | CVE-2005-0695 | Hosting Controller | Remote Security vulnerability in Hosting Controller The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | 5.0 |
2005-03-07 | CVE-2005-0694 | Hosting Controller | Information Disclosure vulnerability in Hosting Controller Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | 5.0 |
2005-03-09 | CVE-2005-0745 | Utstarcom | Local Security vulnerability in Ian-02Ex Voip Ata UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. | 4.6 |
2005-03-08 | CVE-2005-0098 | Abuse | Unspecified vulnerability in Abuse Abuse-Sdl Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line. | 4.6 |
2005-03-07 | CVE-2005-0698 | Jason Hines | Remote File Include vulnerability in Jason Hines PHPWebLog PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code. | 4.6 |
2005-03-08 | CVE-2005-0741 | Yabb | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. | 4.3 |
2005-03-08 | CVE-2005-0723 | PHP Arena | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php. | 4.3 |
2005-03-07 | CVE-2005-0548 | SUN | Unspecified vulnerability in SUN Solaris Answerbook2 Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | 4.3 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-07 | CVE-2005-0180 | Linux | Integer Overflow vulnerability in Linux Kernel SCSI IOCTL Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions. | 3.6 |
2005-03-08 | CVE-2005-0626 | Squid | Information Disclosure vulnerability in Squid 2.5.Stable5/2.5.Stable6/2.5.Stable7 Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies. | 2.6 |
2005-03-09 | CVE-2005-0719 | HP | Denial Of Service vulnerability in HP Tru64 Message Queue Local Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. | 2.1 |
2005-03-08 | CVE-2005-0099 | Abuse | Unspecified vulnerability in Abuse Abuse-Sdl The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files. | 2.1 |
2005-03-07 | CVE-2005-0690 | Gene6 | Remote Default Install Code Execution vulnerability in Gene6 FTP Server Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. | 2.1 |
2005-03-07 | CVE-2005-0179 | Linux | Unspecified vulnerability in Linux Kernel Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. | 2.1 |