Weekly Vulnerabilities Reports > March 14 to 20, 2005
Overview
29 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 34 products from 30 vendors including Redhat, Suse, Zpanel, Linux, and Novell. Vulnerabilities are notably categorized as "Information Exposure" and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 24 reported vulnerabilities are remotely exploitable.
- 29 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-15 | CVE-2005-0798 | Novell | Remote Security vulnerability in Novell Ichain 2.2/2.2.113/2.3: Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks. | 7.5 |
2005-03-15 | CVE-2005-0793 | Zpanel | SQL Injection and File Include vulnerability in ZPanel: PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter. | 7.5 |
2005-03-15 | CVE-2005-0792 | Zpanel | SQL Injection and File Include vulnerability in ZPanel: SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. | 7.5 |
2005-03-14 | CVE-2005-0786 | Simpgb | SQL Injection vulnerability in Simpgb 1.0: SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | 7.5 |
2005-03-14 | CVE-2005-0505 | Stackworks Enterprises | Remote Security vulnerability in Information Resource Manager: Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins. | 7.5 |
2005-03-16 | CVE-2005-0352 | Woodstone | Local Privilege Escalation vulnerability in Woodstone Servers Alive 4.1/5.0: Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. | 7.2 |
22 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-15 | CVE-2005-0767 | Linux | Unspecified vulnerability in Linux Kernel 2.6.8.1: Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. | 6.9 |
2005-03-15 | CVE-2005-0794 | Zpanel | Denial-Of-Service vulnerability in ZPanel: ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. | 6.4 |
2005-03-14 | CVE-2005-0259 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb: phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | 6.4 |
2005-03-15 | CVE-2005-0799 | Oracle | Denial-Of-Service vulnerability in Oracle Mysql 4.1.9: MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. | 5.0 |
2005-03-15 | CVE-2005-0797 | Novell | Remote Information Disclosure vulnerability in Novell iChain Mini FTP Server: Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | 5.0 |
2005-03-15 | CVE-2005-0384 | Redhat Suse Trustix Ubuntu | Remote Denial Of Service vulnerability in Linux Kernel PPP Driver: Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client. | 5.0 |
2005-03-14 | CVE-2005-0795 | Hola | Unspecified vulnerability in Hola Holacms: HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | 5.0 |
2005-03-14 | CVE-2005-0790 | Phpadsnew | Information Disclosure vulnerability in PHPadsnew 2.0.4Pr1: phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | 5.0 |
2005-03-14 | CVE-2005-0789 | Limewire | Unspecified vulnerability in Limewire 3.9.6/4.6.0: Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-03-14 | CVE-2005-0788 | Limewire | Unspecified vulnerability in Limewire 4.1.2/4.5.6: LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | 5.0 |
2005-03-14 | CVE-2005-0507 | GD Software | Directory Traversal vulnerability in GD Software SD Server 4.0.70: Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. | 5.0 |
2005-03-14 | CVE-2005-0506 | Avaya | Remote Security vulnerability in Avaya IP Office Phone Manager and IP Soft Phone: The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | 5.0 |
2005-03-14 | CVE-2005-0473 | ROB Flynn Mandrakesoft Redhat | Remote Denial of Service vulnerability in Gaim: The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. | 5.0 |
2005-03-14 | CVE-2005-0472 | ROB Flynn Mandrakesoft Redhat | Remote Denial of Service vulnerability in Gaim: Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. | 5.0 |
2005-03-14 | CVE-2005-0471 | SUN | Remote Security vulnerability in SUN JDK and JRE: Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | 5.0 |
2005-03-14 | CVE-2005-0470 | WPA Supplicant Gentoo Suse | Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | 5.0 |
2005-03-14 | CVE-2005-0398 | Ipsec Tools Kame SGI Altlinux Redhat Suse | Denial of Service vulnerability in KAME Racoon Malformed ISAKMP Packet Headers: The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets. | 5.0 |
2005-03-14 | CVE-2005-0258 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb: Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | 5.0 |
2005-03-14 | CVE-2005-0508 | Apache | Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | 4.6 |
2005-03-14 | CVE-2005-0504 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel: Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. | 4.6 |
2005-03-14 | CVE-2005-0791 | Phpadsnew | Cross-Site Scripting vulnerability in PHPAdsNew AdFrame.PHP: Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. | 4.3 |
2005-03-14 | CVE-2005-0509 | Microsoft Mono | Cross-Site Scripting vulnerability in .NET Framework: Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-03-14 | CVE-2005-0510 | Fallback Reboot | Denial-Of-Service vulnerability in fallback-reboot: The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty. | 2.1 |