Weekly Vulnerabilities Reports > April 25 to May 1, 2005
Overview
34 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 58 products from 38 vendors including Redhat, Inserter CGI, Include CGI, Microsoft, and Debian. Vulnerabilities are notably categorized as "Open Redirect", and "SQL Injection".
- 28 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Mysql has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-04-27 | CVE-2005-0417 | IBM | Unspecified vulnerability in IBM DB2 Universal Database Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. | 10.0 |
| 2005-04-26 | CVE-2005-1274 | Mysql | Remote Security vulnerability in MaxDB Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. | 10.0 |
| 2005-04-25 | CVE-2005-1299 | Inserter CGI | The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 10.0 |
| 2005-04-25 | CVE-2005-0684 | Mysql | Remote Buffer Overflow vulnerability in MySQL MaxDB HTTP GET Request Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c. | 10.0 |
9 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-04-27 | CVE-2005-0419 | 3Com | Remote Security vulnerability in 3Com 3Cserver 1.1 Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | 7.5 |
| 2005-04-27 | CVE-2005-0416 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows User32.DLL ANI File Header Handling Stack-Based The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. | 7.5 |
| 2005-04-27 | CVE-2005-0414 | Mercuryboard | SQL-Injection vulnerability in Mercuryboard 1.1.1 SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter. | 7.5 |
| 2005-04-27 | CVE-2005-0413 | Myphp Forum | SQL Injection vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0 Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. | 7.5 |
| 2005-04-27 | CVE-2005-0206 | Ascii Cstex Easy Software Products Gnome KDE Pdftohtml SGI Tetex Xpdf Debian Gentoo Mandrakesoft Redhat Suse Ubuntu | Integer Overflow vulnerability in Xpdf PDFTOPS The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | 7.5 |
| 2005-04-27 | CVE-2004-1342 | CVS | Unspecified vulnerability in CVS CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. | 7.5 |
| 2005-04-25 | CVE-2005-1298 | Inserter CGI | Remote Security vulnerability in Inserter.Cgi The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 7.5 |
| 2005-04-25 | CVE-2005-1296 | Include CGI | Remote Security vulnerability in Include.Cgi include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | 7.5 |
| 2005-04-25 | CVE-2005-1295 | Include CGI | Remote Security vulnerability in Include.Cgi include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | 7.5 |
18 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-04-27 | CVE-2005-0412 | Spidean | Cross-Site Scripting vulnerability in Postwrap Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. | 6.8 |
| 2005-04-27 | CVE-2005-0085 | Htdig Mandrakesoft Redhat Suse | Cross-Site Scripting vulnerability in Dig Config Parameter Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. | 6.8 |
| 2005-04-25 | CVE-2005-1317 | Horde | Cross-Site Scripting vulnerability in Chora 1.2/1.2.2 Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | 6.8 |
| 2005-04-25 | CVE-2005-1300 | Inserter CGI | Cross-Site Scripting vulnerability in Inserter.Cgi Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | 6.8 |
| 2005-04-25 | CVE-2005-1297 | Include CGI | Cross-Site Scripting vulnerability in Include.Cgi Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | 6.8 |
| 2005-04-27 | CVE-2005-0420 | Microsoft | Open Redirect vulnerability in Microsoft Exchange Server 2003 Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | 5.8 |
| 2005-04-29 | CVE-2005-1063 | Kerio | Unspecified vulnerability in Kerio products The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations." | 5.0 |
| 2005-04-27 | CVE-2005-0424 | Aspjar | Remote vulnerability in Aspjar Guestbook 1.0 Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. | 5.0 |
| 2005-04-27 | CVE-2005-0423 | Aspjar | Remote vulnerability in Aspjar Guestbook 1.0 SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | 5.0 |
| 2005-04-27 | CVE-2005-0415 | Ulrik Petersen | Denial-Of-Service vulnerability in Emdros Database Engine Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | 5.0 |
| 2005-04-27 | CVE-2005-0229 | Citrusdb | Remote Information Disclosure vulnerability in CitrusDB Credit Card Data CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | 5.0 |
| 2005-04-27 | CVE-2004-1488 | GNU | Remote vulnerability in GNU WGet wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. | 5.0 |
| 2005-04-27 | CVE-2004-1487 | GNU | Remote vulnerability in GNU WGet wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | 5.0 |
| 2005-04-26 | CVE-2005-1281 | Ethereal Group | Denial Of Service vulnerability in Ethereal RSVP Decoding Routines Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | 5.0 |
| 2005-04-25 | CVE-2005-1275 | Graphicsmagick Imagemagick | Remote Buffer Overflow vulnerability in ImageMagick PNM Image Decoding Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | 5.0 |
| 2005-04-27 | CVE-2005-0159 | Debian | Insecure Temporary File Creation vulnerability in Debian Toolchain-Source The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
| 2005-04-27 | CVE-2005-0087 | Alsa Redhat | The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. | 4.6 |
| 2005-04-27 | CVE-2005-0019 | Yongguang Zhang | Local Arbitrary Command Execution vulnerability in Yongguang Zhang Hztty 2.0 Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | 4.6 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-04-27 | CVE-2005-0422 | Delphiturk | Local Security vulnerability in Codebank DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | 2.1 |
| 2005-04-27 | CVE-2005-0421 | Delphiturk | Local Security vulnerability in Delphiturk FTP 1.0 DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | 2.1 |
| 2005-04-26 | CVE-2005-1270 | Gentoo | Local Insecure Temporary File Creation vulnerability in Rootkit Hunter The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |