Weekly Vulnerabilities Reports > May 16 to 22, 2005

Overview

104 new vulnerabilities were reported during this period, including 1 critical vulnerability and 41 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 73 vendors, including Microsoft, Apple, Groove, Pico Server, and JGS XA. Notable vulnerability categories include "Resource Exhaustion", "Cross-site Scripting", and "Cross-Site Request Forgery (CSRF)".

  • 86 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 104 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Pico Server has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:


1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-16 CVE-2005-1365 Pico Server Directory Traversal vulnerability in Pserv

Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

10.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-20 CVE-2005-1687 Wordpress Unspecified vulnerability in Wordpress 1.5

SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.

7.5
2005-05-20 CVE-2005-1681 Bugada Andrea Remote Security vulnerability in Php Advanced Transfer Manager 1.20/1.21

PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.

7.5
2005-05-20 CVE-2005-1680 D Link Security Bypass vulnerability in DSL-562T

D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.

7.5
2005-05-20 CVE-2005-1677 Groove Security Bypass vulnerability in Groove Workspace and Virtual Office

Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects.

7.5
2005-05-19 CVE-2005-1673 Ubertec Unspecified vulnerability in Ubertec Help Center Live

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.

7.5
2005-05-19 CVE-2005-1455 Freeradius Buffer Overflow vulnerability in Freeradius 1.0.2

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).

7.5
2005-05-19 CVE-2005-1454 Freeradius SQL Injection vulnerability in Freeradius 1.0.2

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.

7.5
2005-05-18 CVE-2005-1666 Orenosv Remote Buffer Overflow vulnerability in Orenosv HTTP/FTP Server FTP Commands

Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.

7.5
2005-05-18 CVE-2005-1660 Htmljunction Information Disclosure vulnerability in EZGuestbook

HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.

7.5
2005-05-18 CVE-2005-1657 Mercur Directory Traversal vulnerability in Mercur Messaging 2005Sp2

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.

7.5
2005-05-18 CVE-2005-1652 Woppoware Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5

message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.

7.5
2005-05-18 CVE-2005-1651 Woppoware Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5

Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a ..

7.5
2005-05-18 CVE-2005-1648 Gurgens Remote Security vulnerability in Gurgens Ultimate Forum 2.1

Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.

7.5
2005-05-18 CVE-2005-1647 Gurgens Remote Security vulnerability in Gurgens Guest Book 2.1

Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.

7.5
2005-05-18 CVE-2005-1646 Fastream Denial-Of-Service vulnerability in Fastream Netfile FTP web Server 7.4.6

The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.

7.5
2005-05-17 CVE-2005-1642 Woltlab Unspecified vulnerability in Woltlab Burning Board 2.0

SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.

7.5
2005-05-17 CVE-2005-1640 THE Ignition Project Security Bypass vulnerability in ignitionServer

mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.

7.5
2005-05-17 CVE-2005-1637 Npds Unspecified vulnerability in Npds 4.8/5.0

Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php.

7.5
2005-05-17 CVE-2005-1633 JGS XA Unspecified vulnerability in Jgs-Xa Jgs-Portal

Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php.

7.5
2005-05-17 CVE-2005-1630 Opentools Remote Security vulnerability in Attachment Mod

Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors.

7.5
2005-05-17 CVE-2005-1629 Photopost SQL Injection vulnerability in All Enthusiast PhotoPost PHP Pro Member.PHP

SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.

7.5
2005-05-17 CVE-2005-1626 Pico Server Remote Buffer Overflow vulnerability in Pserv completedPath

Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.

7.5
2005-05-16 CVE-2005-1616 Ultimate PHP Board Information Disclosure vulnerability in Ultimate PHP Board

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.

7.5
2005-05-16 CVE-2005-1615 Ultimate PHP Board SQL Injection vulnerability in Ultimate PHP Board ViewForum.PHP

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.

7.5
2005-05-16 CVE-2005-1612 Openbb SQL Injection vulnerability in Openbb 1.0.8

SQL injection vulnerability in read.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to execute arbitrary SQL commands via the TID parameter.

7.5
2005-05-16 CVE-2005-1609 SUN Unspecified vulnerability in SUN Storedge 6130 Arrays

Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.

7.5
2005-05-16 CVE-2005-1604 Bugada Andrea Unspecified vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.21

PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.

7.5
2005-05-16 CVE-2005-1602 Net56 SQL Injection Authentication Bypass vulnerability in Net56 File Manager 1.0

SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.

7.5
2005-05-16 CVE-2005-1600 Libtomcrypt Unspecified vulnerability in Libtomcrypt 1.0/1.0.1/1.0.2

A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key.

7.5
2005-05-16 CVE-2005-1598 Invision Power Services SQL Injection vulnerability in Invision Power Board Login.PHP

SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.

7.5
2005-05-16 CVE-2005-1594 Codethat Input Validation vulnerability in Codethat Shoppingcart 1.3.1

SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-05-16 CVE-2005-1592 Birdblog Remote Security vulnerability in BirdBlog

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript.

7.5
2005-05-16 CVE-2005-1367 Pico Server Unspecified vulnerability in Pico Server Pico Server

Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.

7.5
2005-05-16 CVE-2005-1366 Pico Server Remote Source Code Disclosure vulnerability in PServ

Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.

7.5
2005-05-16 CVE-2005-1248 Apple Buffer Overflow vulnerability in Apple iTunes MPEG4 Parsing

Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.

7.5
2005-05-16 CVE-2005-1193 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.

7.5
2005-05-19 CVE-2005-0392 Debian Local Privilege Escalation vulnerability in PPXP

ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands.

7.2
2005-05-17 CVE-2005-1632 Tavis Rudd Unspecified vulnerability in Tavis Rudd Cheetah 0.9.15/0.9.16

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

7.2
2005-05-17 CVE-2005-1589 Linux Local Memory Corruption vulnerability in Multiple Linux Kernel IOCTL Handlers

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

7.2
2005-05-17 CVE-2005-1307 Adobe, Apple Local Privilege Escalation vulnerability in Adobe Version Cue

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X use the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.

7.2
2005-05-17 CVE-2005-1264 Linux Local Memory Corruption vulnerability in Multiple Linux Kernel IOCTL Handlers

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

7.2

52 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-20 CVE-2005-1676 Groove Unspecified vulnerability in Groove Workspace and Virtual Office

Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.

6.8
2005-05-18 CVE-2005-1653 Woppoware Input Validation and Information Disclosure vulnerability in Woppoware Postmaster 4.2.2Build3.2.5

Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.

6.8
2005-05-18 CVE-2005-1644 1Two HTML Injection vulnerability in 1Two Livre D OR 1.0

Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.

6.8
2005-05-16 CVE-2005-1614 Ultimate PHP Board Cross-Site Scripting vulnerability in Ultimate PHP Board

Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.

6.8
2005-05-16 CVE-2005-1613 Openbb Cross-Site Scripting vulnerability in Openbb 1.0.8

Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.

6.8
2005-05-16 CVE-2005-1611 WEB Crossing INC Cross-Site Scripting vulnerability in web Crossing INC web Crossing 5.X

Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script.

6.8
2005-05-16 CVE-2005-1610 TRU Zone Cross-Site Scripting vulnerability in NukeET Base64 Codigo Variable

Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.

6.8
2005-05-16 CVE-2005-1607 Remote Cart Unspecified vulnerability in Remote Cart Remote Cart

Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.

6.8
2005-05-16 CVE-2005-1605 Positive Software HTML Injection vulnerability in Positive Software Corporation SiteStudio

Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.

6.8
2005-05-16 CVE-2005-1593 Codethat Input Validation vulnerability in Codethat Shoppingcart 1.3.1

Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

6.8
2005-05-19 CVE-2005-1674 Helpcenterlive Cross-Site Request Forgery (CSRF) vulnerability in Helpcenterlive Help Center Live

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

6.5
2005-05-18 CVE-2005-1664 Microsoft Unspecified vulnerability in Microsoft Asp.Net 1.0/1.1

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.

6.4
2005-05-20 CVE-2005-1679 Timo Rossi Remote Buffer Overflow vulnerability in Picasm Error Generation

Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.

5.1
2005-05-19 CVE-2005-1934 ROB Flynn Denial of Service vulnerability in Gaim MSN Protocol Malformed Message

Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.

5.0
2005-05-19 CVE-2005-1260 Bzip, Canonical, Debian, Apple Resource Exhaustion vulnerability in multiple products

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

5.0
2005-05-18 CVE-2005-1667 Datatrac Remote Denial of Service vulnerability in Datatrac Activity Console 1.1

DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.

5.0
2005-05-18 CVE-2005-1665 Microsoft Denial-Of-Service vulnerability in ASP.Net 1.0/1.1

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

5.0
2005-05-18 CVE-2005-1663 Jeuce Directory Traversal And Denial Of Service vulnerability in Jeuce Personal web Server 2.13

Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://".

5.0
2005-05-18 CVE-2005-1662 Jeuce Directory Traversal And Denial Of Service vulnerability in Jeuce Personal Web Server

Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a ..

5.0
2005-05-18 CVE-2005-1661 Jeuce Denial-Of-Service vulnerability in Jeuce Personal web Server 2.13

Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow.

5.0
2005-05-18 CVE-2005-1658 Myserver Directory Traversal vulnerability in Myserver 0.8

Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).

5.0
2005-05-18 CVE-2005-1656 Mercur Remote Security vulnerability in Mercur Messaging 2005Sp2

Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").

5.0
2005-05-18 CVE-2005-1655 AOL Remote Denial Of Service vulnerability in AOL Instant Messenger Smiley Icon Location

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.

5.0
2005-05-18 CVE-2005-1649 Microsoft Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

5.0
2005-05-18 CVE-2005-1645 Keyvan1 Unspecified vulnerability in Keyvan1 Imagegallery

Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

5.0
2005-05-17 CVE-2005-1643 Jorg Ruppel Denial-Of-Service vulnerability in Zoidcom

The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read.

5.0
2005-05-17 CVE-2005-1635 JGS XA Remote Security vulnerability in Jgs-Portal

JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_portal_kalender.php, (13) jgs_portal_letztethemen.php, (14) jgs_portal_links.php, (15) jgs_portal_neustemember.php, (16) jgs_portal_newsboard.php, (17) jgs_portal_online.php, (18) jgs_portal_pn.php, (19) jgs_portal_portalmenue.php, (20) jgs_portal_styles.php, (21) jgs_portal_suchen.php, (22) jgs_portal_team.php, (23) jgs_portal_topforen.php, (24) jgs_portal_topposter.php, (25) jgs_portal_umfrage.php, (26) jgs_portal_useravatar.php, (27) jgs_portal_waronline.php, (28) jgs_portal_woonline.php, or (29) jgs_portal_zufallsavatar.php.

5.0
2005-05-17 CVE-2005-1631 Booby Unspecified vulnerability in Booby

booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs.

5.0
2005-05-16 CVE-2005-1621 Postnuke Software Foundation Directory Traversal vulnerability in Postnuke

Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a ..

5.0
2005-05-16 CVE-2005-1618 Yahoo Remote Denial Of Service vulnerability in Yahoo Messenger 5.5/5.6/6.0

The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.

5.0
2005-05-16 CVE-2005-1608 Spidean Multiple Unspecified vulnerability in AutoTheme PostNuke Module

Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact.

5.0
2005-05-16 CVE-2005-1603 Niteenterprises Remote File Manager Denial of Service vulnerability in Niteenterprises Remote File Manager 1.0

NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080.

5.0
2005-05-16 CVE-2005-1601 MRO Software Unspecified vulnerability in MRO Software Maximo Self Service 4.0/5.0

MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties.

5.0
2005-05-16 CVE-2005-1595 Codethat Input Validation vulnerability in Codethat Shoppingcart 1.3.1

CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.

5.0
2005-05-16 CVE-2005-1591 SUN Denial-Of-Service vulnerability in Solaris

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

5.0
2005-05-20 CVE-2005-1675 Groove Information Disclosure vulnerability in Groove Workspace and Virtual Office

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 install the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information.

4.6
2005-05-19 CVE-2005-1670 Extremenetworks Local Security vulnerability in ExtremeWare XOS

Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.

4.6
2005-05-18 CVE-2005-0134 SCO Unspecified vulnerability in SCO Unixware 7.1.1/7.1.3/7.1.4

The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.

4.6
2005-05-17 CVE-2005-1636 Mysql, Oracle

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.

4.6
2005-05-16 CVE-2005-1606 Positive Software Unspecified vulnerability in Positive Software H-Sphere Winbox 2.4.2Patch4/2.4.3Rc1

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

4.6
2005-05-16 CVE-2005-1590 Altiris Local Security vulnerability in Deployment Solution

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

4.6
2005-05-20 CVE-2005-1684 Episodex Unspecified vulnerability in Episodex Guestbook

Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.

4.3
2005-05-19 CVE-2005-1672 Ubertec Unspecified vulnerability in Ubertec Help Center Live

Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.

4.3
2005-05-19 CVE-2005-0040 Dotnetnuke HTML Injection vulnerability in DotNetNuke User Registration Information

Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.

4.3
2005-05-18 CVE-2005-1659 Myserver

Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.

4.3
2005-05-17 CVE-2005-1638 Pixel Apes Group Unspecified vulnerability in Pixel-Apes Group Safehtml

The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.

4.3
2005-05-17 CVE-2005-1634 JGS XA Unspecified vulnerability in Jgs-Xa Jgs-Portal

Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php.

4.3
2005-05-16 CVE-2005-1622 Metalinks Unspecified vulnerability in Metalinks Metacart E-Shop

Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.

4.3
2005-05-16 CVE-2005-1620 Soren Boysen Unspecified vulnerability in Soren Boysen Skull-Splitter Guestbook 1.0/2.0/2.2

Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.

4.3
2005-05-16 CVE-2005-1619 Phpheaven Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.5

Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter.

4.3
2005-05-16 CVE-2005-1599 Kryloff Technologies HTML Injection vulnerability in Kryloff Technologies Subject Search Server 1.1

Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.

4.3
2005-05-16 CVE-2005-1597 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter

Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.

4.3

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-20 CVE-2005-1686 Gnome Unspecified vulnerability in Gnome Gedit 2.10.2

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename.

2.6
2005-05-20 CVE-2005-1683 Microsoft Buffer Overflow vulnerability in Microsoft Word MCW File Handler

Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.

2.6
2005-05-20 CVE-2005-1678 Groove Remote Security vulnerability in Groove Workspace and Virtual Office

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 do not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.

2.6
2005-05-19 CVE-2005-1671 Yahoo Information Disclosure vulnerability in Messenger

The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.

2.1
2005-05-19 CVE-2005-1472 Apple Unspecified vulnerability in Apple mac OS X 10.4.1

Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.

2.1
2005-05-18 CVE-2005-0757 Redhat Denial Of Service vulnerability in Linux Kernel 64 Bit EXT3 Filesystem Extended Attribute

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.

2.1
2005-05-18 CVE-2005-0515 Webroot Software Local Insecure File Creation vulnerability in Webroot Software MY Firewall Plus 5.0

Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.

2.1
2005-05-17 CVE-2005-1641 THE Ignition Project Unspecified vulnerability in the Ignition Project Ignitionserver

mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.

2.1
2005-05-17 CVE-2005-1627 Viewglob Local Security vulnerability in Viewglob

Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.

2.1
2005-05-16 CVE-2005-1617 Willings Information Disclosure vulnerability in Webcam Lite

Willings WebCam and WebCam Lite 2.8 and earlier store the password in memory in plaintext, which allows local users to gain sensitive information.

2.1