Weekly Vulnerabilities Reports > April 25 to May 1, 2005

Overview

34 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 58 products from 38 vendors including Redhat, Inserter CGI, Include CGI, Microsoft, and Suse. Vulnerabilities are notably categorized as "Open Redirect", and "SQL Injection".

  • 28 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 34 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • Mysql has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-04-27 CVE-2005-0417 IBM Unspecified vulnerability in IBM DB2 Universal Database

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors.

10.0
2005-04-26 CVE-2005-1274 Mysql Remote Security vulnerability in MaxDB

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.

10.0
2005-04-25 CVE-2005-1299 Inserter CGI The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
10.0
2005-04-25 CVE-2005-0684 Mysql Remote Buffer Overflow vulnerability in MySQL MaxDB HTTP GET Request

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.

10.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-04-27 CVE-2005-0419 3Com Remote Security vulnerability in 3Com 3Cserver 1.1

Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.

7.5
2005-04-27 CVE-2005-0416 Microsoft Buffer Overflow vulnerability in Microsoft Windows User32.DLL ANI File Header Handling Stack-Based

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

7.5
2005-04-27 CVE-2005-0414 Mercuryboard SQL-Injection vulnerability in Mercuryboard 1.1.1

SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.

7.5
2005-04-27 CVE-2005-0413 Myphp Forum SQL Injection vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php.

7.5
2005-04-27 CVE-2005-0206 Ascii
Cstex
Easy Software Products
Gnome
KDE
Pdftohtml
SGI
Tetex
Xpdf
Debian
Gentoo
Mandrakesoft
Redhat
Suse
Ubuntu
Integer Overflow vulnerability in Xpdf PDFTOPS

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

7.5
2005-04-27 CVE-2004-1342 CVS Unspecified vulnerability in CVS

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.

7.5
2005-04-25 CVE-2005-1298 Inserter CGI Remote Security vulnerability in Inserter.Cgi

The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

7.5
2005-04-25 CVE-2005-1296 Include CGI Remote Security vulnerability in Include.Cgi

include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

7.5
2005-04-25 CVE-2005-1295 Include CGI Remote Security vulnerability in Include.Cgi

include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

7.5

18 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-04-27 CVE-2005-0412 Spidean Cross-Site Scripting vulnerability in Postwrap

Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter.

6.8
2005-04-27 CVE-2005-0085 Htdig
Mandrakesoft
Redhat
Suse
Cross-Site Scripting vulnerability in Dig Config Parameter

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

6.8
2005-04-25 CVE-2005-1317 Horde Cross-Site Scripting vulnerability in Chora 1.2/1.2.2

Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

6.8
2005-04-25 CVE-2005-1300 Inserter CGI Cross-Site Scripting vulnerability in Inserter.Cgi

Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.

6.8
2005-04-25 CVE-2005-1297 Include CGI Cross-Site Scripting vulnerability in Include.Cgi

Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.

6.8
2005-04-27 CVE-2005-0420 Microsoft Open Redirect vulnerability in Microsoft Exchange Server 2003

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

5.8
2005-04-29 CVE-2005-1063 Kerio Unspecified vulnerability in Kerio products

The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."

5.0
2005-04-27 CVE-2005-0424 Aspjar Remote vulnerability in Aspjar Guestbook 1.0

Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages.

5.0
2005-04-27 CVE-2005-0423 Aspjar Remote vulnerability in Aspjar Guestbook 1.0

SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.

5.0
2005-04-27 CVE-2005-0415 Ulrik Petersen Denial-Of-Service vulnerability in Emdros Database Engine

Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements.

5.0
2005-04-27 CVE-2005-0229 Citrusdb Remote Information Disclosure vulnerability in CitrusDB Credit Card Data

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.

5.0
2005-04-27 CVE-2004-1488 GNU Remote vulnerability in GNU WGet

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

5.0
2005-04-27 CVE-2004-1487 GNU Remote vulnerability in GNU WGet

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

5.0
2005-04-26 CVE-2005-1281 Ethereal Group Denial Of Service vulnerability in Ethereal RSVP Decoding Routines

Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

5.0
2005-04-25 CVE-2005-1275 Graphicsmagick
Imagemagick
Remote Buffer Overflow vulnerability in ImageMagick PNM Image Decoding

Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

5.0
2005-04-27 CVE-2005-0159 Debian Insecure Temporary File Creation vulnerability in Debian Toolchain-Source

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2005-04-27 CVE-2005-0087 Alsa
Redhat
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.
4.6
2005-04-27 CVE-2005-0019 Yongguang Zhang Local Arbitrary Command Execution vulnerability in Yongguang Zhang Hztty 2.0

Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands.

4.6

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-04-27 CVE-2005-0422 Delphiturk Local Security vulnerability in Codebank

DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.

2.1
2005-04-27 CVE-2005-0421 Delphiturk Local Security vulnerability in Delphiturk FTP 1.0

DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.

2.1
2005-04-26 CVE-2005-1270 Gentoo Local Insecure Temporary File Creation vulnerability in Rootkit Hunter

The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.

2.1