Weekly Vulnerabilities Reports > May 23 to 29, 2005

Overview

83 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 52 vendors including Oracle, BEA, Postnuke Software Foundation, GNU, and Ipswitch. Vulnerabilities are notably categorized as "Improper Input Validation", and "Numeric Errors".

  • 75 reported vulnerabilities are remotely exploitables.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Ipswitch has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-25 CVE-2005-1256 Ipswitch Multiple vulnerability in Ipswitch Imail, Imail Server and Ipswitch Collaboration Suite

Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.

10.0
2005-05-25 CVE-2005-1255 Ipswitch Multiple vulnerability in Ipswitch Imail, Imail Server and Ipswitch Collaboration Suite

Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.

10.0
2005-05-24 CVE-2005-1740 NET Snmp Unspecified vulnerability in Net-Snmp

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

10.0
2005-05-24 CVE-2005-1738 Iron Bars Shell Local Format String vulnerability in Iron Bars Shell Iron Bars Shell 0.3A/0.3B/0.3C

Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.

10.0
2005-05-24 CVE-2005-1693 CA
Zonelabs
Remote Heap Overflow vulnerability in Computer Associates Vet Library

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.

10.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-29 CVE-2005-1804 NET Portal Dynamic System Unspecified vulnerability in NET Portal Dynamic System NET Portal Dynamic System 5.0

Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.

7.5
2005-05-29 CVE-2005-1789 India Software Solution Unspecified vulnerability in India Software Solution Shopping Cart

SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password.

7.5
2005-05-28 CVE-2005-1806 Peercast Unspecified vulnerability in Peercast

Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.

7.5
2005-05-28 CVE-2005-1805 Online Solutions FOR Educators SQL Injection vulnerability in OS4E LOGIN.ASP

SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password.

7.5
2005-05-27 CVE-2005-1795 Clam Anti Virus Improper Input Validation vulnerability in Clam Anti-Virus Clamav

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.

7.5
2005-05-27 CVE-2005-1787 Phpstat Improper Input Validation vulnerability in PHPstat

setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.

7.5
2005-05-27 CVE-2005-1784 Hosting Controller Remote Security vulnerability in Hosting Controller 6.1.0 Hotfix 3.2

Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.

7.5
2005-05-26 CVE-2005-1828 D Link Information Disclosure vulnerability in D-Link Dsl-504T V1.00B01T16.Eu.20040217

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

7.5
2005-05-26 CVE-2005-1827 D Link Remote Authentication Bypass vulnerability in D-Link Dsl-504T V1.00B01T16.Eu.20040217

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.

7.5
2005-05-26 CVE-2005-1523 GNU Remote Format String vulnerability in GNU Mailutils 0.5/0.6

Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.

7.5
2005-05-26 CVE-2005-1521 GNU Remote Integer Overflow vulnerability in GNU Mailutils 0.5/0.6

Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.

7.5
2005-05-26 CVE-2005-1520 GNU Buffer Overflow vulnerability in GNU Mailutils 0.5/0.6

Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.

7.5
2005-05-25 CVE-2005-1786 Funkyasp Unspecified vulnerability in Funkyasp AD System 1.1

SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.

7.5
2005-05-25 CVE-2005-1750 Distinct WEB Creations SQL Injection vulnerability in Distinct web Creations Newsletterez 3.0

SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2005-05-25 CVE-2005-1543 Novell Remote Pre-Authentication Buffer Overflow vulnerability in Novell ZENworks

Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.

7.5
2005-05-24 CVE-2005-1744 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

7.5
2005-05-24 CVE-2005-1743 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.

7.5
2005-05-24 CVE-2005-1737 Electricmonk Denial-Of-Service vulnerability in Electricmonk Proms 0.11

Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list.

7.5
2005-05-24 CVE-2005-1736 Electricmonk Remote Security vulnerability in Proms

PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended.

7.5
2005-05-24 CVE-2005-1734 Electricmonk Unspecified vulnerability in Electricmonk Proms

Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-05-24 CVE-2005-1719 Alwil Unspecified vulnerability in Alwil Avast Antivirus

Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses.

7.5
2005-05-24 CVE-2005-1712 SY9 Remote Security vulnerability in SY9 Serendipity 0.8

Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.

7.5
2005-05-24 CVE-2005-1711 Clam Anti Virus
Gibraltar
Squid
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
7.5
2005-05-24 CVE-2005-1709 Bluecoat HTML Injection vulnerability in Bluecoat Reporter 7.1.1

Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.

7.5
2005-05-24 CVE-2005-1706 Mailscanner Security Bypass vulnerability in MailScanner

Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.

7.5
2005-05-24 CVE-2005-1702 Black Cactus Remote Format String vulnerability in Black Cactus Warrior Kings and Warrior Kings Battles

Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.

7.5
2005-05-24 CVE-2005-1701 Portailphp SQL Injection vulnerability in Portailphp 1.3

SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.

7.5
2005-05-24 CVE-2005-1700 Postnuke Software Foundation Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.

7.5
2005-05-24 CVE-2005-1694 Postnuke Software Foundation Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750

Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.

7.5
2005-05-24 CVE-2005-1692 Xine Remote Hostname Format String vulnerability in GXINE

Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.

7.5
2005-05-25 CVE-2005-1151 Debian Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5

qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.

7.2
2005-05-24 CVE-2005-1705 GNU Unspecified vulnerability in GNU GDB

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.

7.2

40 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-24 CVE-2005-1747 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.

6.8
2005-05-26 CVE-2005-1797 Openssl Unspecified vulnerability in Openssl

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

5.1
2005-05-29 CVE-2005-1830 Compuware Denial-Of-Service vulnerability in Compuware Softice Driverstudio 3.1/3.2

The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer.

5.0
2005-05-29 CVE-2005-1798 Serverscheck Directory Traversal vulnerability in Monitoring Software 5.10.0/5.9.0

Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via ..

5.0
2005-05-28 CVE-2005-1829 Microsoft Unspecified vulnerability in Microsoft IE

Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other.

5.0
2005-05-28 CVE-2005-1807 Phpmailer Remote Denial of Service vulnerability in PHPMailer Data() Function

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

5.0
2005-05-27 CVE-2005-1802 Nortel Products Remote Denial of Service vulnerability in Nortel Networks

Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

5.0
2005-05-26 CVE-2005-1522 GNU Remote Denial of Service vulnerability in GNU Mailutils 0.5/0.6

The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.

5.0
2005-05-26 CVE-2005-1408 Apple Unspecified vulnerability in Apple Keynote 2.0.0/2.0.1

Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation.

5.0
2005-05-26 CVE-2005-0150 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.

5.0
2005-05-25 CVE-2005-1254 Ipswitch Multiple vulnerability in Ipswitch IMail Server

Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.

5.0
2005-05-25 CVE-2005-1252 Ipswitch Multiple vulnerability in Ipswitch IMail Server

Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file.

5.0
2005-05-25 CVE-2005-1249 Ipswitch Multiple vulnerability in Ipswitch IMail Server

The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.

5.0
2005-05-24 CVE-2005-1749 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).

5.0
2005-05-24 CVE-2005-1748 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.

5.0
2005-05-24 CVE-2005-1746 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.

5.0
2005-05-24 CVE-2005-1742 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."

5.0
2005-05-24 CVE-2005-1741 Gearbox Software Denial of Service vulnerability in Gearbox Software Halo Combat Evolved 1.6

Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data.

5.0
2005-05-24 CVE-2005-1739 Graphicsmagick
Imagemagick
Denial Of Service vulnerability in ImageMagick And GraphicsMagick XWD Decoder

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

5.0
2005-05-24 CVE-2005-1733 Metro Marketing Remote Security vulnerability in Cookie Cart

Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.

5.0
2005-05-24 CVE-2005-1732 Metro Marketing Remote Security vulnerability in Cookie Cart

Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi.

5.0
2005-05-24 CVE-2005-1718 LS Games Denial-Of-Service vulnerability in LS Games WAR Times 1.03

Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname.

5.0
2005-05-24 CVE-2005-1717 Zyxel Remote Denial of Service vulnerability in Zyxel Prestige 650R-31 3.40Ko.1

ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets.

5.0
2005-05-24 CVE-2005-1716 EJ3 Information Disclosure vulnerability in Topo 2.2/2.2.178

TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.

5.0
2005-05-24 CVE-2005-1703 Black Cactus Remote Denial Of Service vulnerability in Black Cactus Warrior Kings Battles 1.23

Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.

5.0
2005-05-24 CVE-2005-1698 Postnuke Software Foundation Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc3

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.

5.0
2005-05-24 CVE-2005-1697 Postnuke Software Foundation Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2/0.760Rc3

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.

5.0
2005-05-24 CVE-2005-1745 BEA
Oracle
Remote vulnerability in BEA WebLogic Server and WebLogic Express

The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.

4.6
2005-05-24 CVE-2005-1708 Bluecoat Remote Privilege Escalation vulnerability in Bluecoat Reporter 7.1.1

templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.

4.6
2005-05-24 CVE-2005-1707 Gentoo Unspecified vulnerability in Gentoo Linux Webapp-Config 1.10

The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.

4.6
2005-05-24 CVE-2005-1704 GNU Numeric Errors vulnerability in GNU GDB

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

4.6
2005-05-29 CVE-2005-1803 NET Portal Dynamic System Unspecified vulnerability in NET Portal Dynamic System NET Portal Dynamic System 5.0

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.

4.3
2005-05-28 CVE-2005-1800 Clam Anti Virus Cross-Site Scripting vulnerability in JAWS Glossary

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.

4.3
2005-05-26 CVE-2005-1782 W M R Simpson Cross-Site Scripting vulnerability in W.M.R. Simpson Bookreview 1.0

Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm.

4.3
2005-05-24 CVE-2005-1735 Electricmonk Unspecified vulnerability in Electricmonk Proms

Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-24 CVE-2005-1715 EJ3 Index.PHP Cross-Site Scripting vulnerability in EJ3 Topo 2.2/2.2.178

Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.

4.3
2005-05-24 CVE-2005-1714 Netwin Unspecified vulnerability in Netwin Surgemail 3.0C2

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-24 CVE-2005-1713 S9Y Unspecified vulnerability in S9Y Serendipity 0.8

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.

4.3
2005-05-24 CVE-2005-1710 Bluecoat Unspecified vulnerability in Bluecoat Reporter 7.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.

4.3
2005-05-24 CVE-2005-1699 Postnuke Software Foundation Directory Traversal vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a ..

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-25 CVE-2005-1751 Shtool Unspecified vulnerability in Shtool

Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.

3.7
2005-05-28 CVE-2005-1791 Microsoft Denial of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address.

2.6
2005-05-26 CVE-2005-1801 Nokia Remote Denial of Service vulnerability in Nokia 9500 vCard Viewer

The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.

2.6
2005-05-24 CVE-2005-1696 Postnuke Software Foundation Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc3

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.

2.6
2005-05-24 CVE-2005-1695 Postnuke Software Foundation Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2/0.760Rc3

Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.

2.6
2005-05-25 CVE-2005-1152 Debian Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5

popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.

2.1