Weekly Vulnerabilities Reports > May 23 to 29, 2005
Overview
76 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 49 vendors including BEA, Oracle, GNU, Ipswitch, and Postnuke Software Foundation. Vulnerabilities are notably categorized as "Improper Input Validation", "Numeric Errors", "Incomplete Cleanup", and "Cleartext Storage of Sensitive Information".
- 68 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 75 reported vulnerabilities are exploitable by an anonymous user.
- BEA has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Ipswitch has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-25 | CVE-2005-1256 | Ipswitch | Multiple vulnerability in Ipswitch Imail, Imail Server and Ipswitch Collaboration Suite Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. | 10.0 |
2005-05-25 | CVE-2005-1255 | Ipswitch | Multiple vulnerability in Ipswitch Imail, Imail Server and Ipswitch Collaboration Suite Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character. | 10.0 |
2005-05-24 | CVE-2005-1740 | NET Snmp | Unspecified vulnerability in Net-Snmp fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. | 10.0 |
2005-05-24 | CVE-2005-1738 | Iron Bars Shell | Local Format String vulnerability in Iron Bars Shell Iron Bars Shell 0.3A/0.3B/0.3C Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | 10.0 |
2005-05-24 | CVE-2005-1693 | Broadcom CA Zonelabs | Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow. | 10.0 |
2005-05-24 | CVE-2005-1744 | BEA | Incomplete Cleanup vulnerability in BEA Weblogic Server BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | 9.8 |
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-29 | CVE-2005-1804 | NET Portal Dynamic System | Unspecified vulnerability in NET Portal Dynamic System NET Portal Dynamic System 5.0 Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. | 7.5 |
2005-05-29 | CVE-2005-1789 | India Software Solution | Unspecified vulnerability in India Software Solution Shopping Cart SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. | 7.5 |
2005-05-28 | CVE-2005-1806 | Peercast | Unspecified vulnerability in Peercast Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL. | 7.5 |
2005-05-27 | CVE-2005-1795 | Clam Anti Virus | Improper Input Validation vulnerability in Clam Anti-Virus Clamav The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | 7.5 |
2005-05-27 | CVE-2005-1787 | Phpstat | Improper Input Validation vulnerability in PHPstat setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. | 7.5 |
2005-05-27 | CVE-2005-1784 | Hosting Controller | Remote Security vulnerability in Hosting Controller 6.1.0 Hotfix 3.2 Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. | 7.5 |
2005-05-26 | CVE-2005-1828 | Dlink | Cleartext Storage of Sensitive Information vulnerability in Dlink Dsl-504T Firmware D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-05-26 | CVE-2005-1523 | GNU | Remote Format String vulnerability in GNU Mailutils 0.5/0.6 Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | 7.5 |
2005-05-26 | CVE-2005-1521 | GNU | Remote Integer Overflow vulnerability in GNU Mailutils 0.5/0.6 Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow. | 7.5 |
2005-05-26 | CVE-2005-1520 | GNU | Buffer Overflow vulnerability in GNU Mailutils 0.5/0.6 Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail. | 7.5 |
2005-05-25 | CVE-2005-1543 | Novell | Remote Pre-Authentication Buffer Overflow vulnerability in Novell ZENworks Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests. | 7.5 |
2005-05-24 | CVE-2005-1743 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. | 7.5 |
2005-05-24 | CVE-2005-1737 | Electricmonk | Denial-Of-Service vulnerability in Electricmonk Proms 0.11 Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | 7.5 |
2005-05-24 | CVE-2005-1736 | Electricmonk | Remote Security vulnerability in Proms PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. | 7.5 |
2005-05-24 | CVE-2005-1734 | Electricmonk | Unspecified vulnerability in Electricmonk Proms Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-05-24 | CVE-2005-1719 | Alwil | Unspecified vulnerability in Alwil Avast Antivirus Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. | 7.5 |
2005-05-24 | CVE-2005-1712 | SY9 | Remote Security vulnerability in SY9 Serendipity 0.8 Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. | 7.5 |
2005-05-24 | CVE-2005-1711 | Clam Anti Virus Gibraltar Squid | Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | 7.5 |
2005-05-24 | CVE-2005-1709 | Bluecoat | HTML Injection vulnerability in Bluecoat Reporter 7.1.1 Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license. | 7.5 |
2005-05-24 | CVE-2005-1706 | Mailscanner | Security Bypass vulnerability in MailScanner Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | 7.5 |
2005-05-24 | CVE-2005-1702 | Black Cactus | Remote Format String vulnerability in Black Cactus Warrior Kings and Warrior Kings Battles Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname. | 7.5 |
2005-05-24 | CVE-2005-1701 | Portailphp | SQL Injection vulnerability in Portailphp 1.3 SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules. | 7.5 |
2005-05-24 | CVE-2005-1700 | Postnuke Software Foundation | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. | 7.5 |
2005-05-24 | CVE-2005-1694 | Postnuke Software Foundation | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750 Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. | 7.5 |
2005-05-25 | CVE-2005-1151 | Debian | Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5 qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | 7.2 |
2005-05-24 | CVE-2005-1705 | GNU | Unspecified vulnerability in GNU GDB gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb. | 7.2 |
38 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-24 | CVE-2005-1747 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. | 6.8 |
2005-05-26 | CVE-2005-1797 | Openssl | Unspecified vulnerability in Openssl The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | 5.1 |
2005-05-29 | CVE-2005-1830 | Compuware | Denial-Of-Service vulnerability in Compuware Softice Driverstudio 3.1/3.2 The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer. | 5.0 |
2005-05-29 | CVE-2005-1798 | Serverscheck | Directory Traversal vulnerability in Monitoring Software 5.10.0/5.9.0 Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. | 5.0 |
2005-05-28 | CVE-2005-1829 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. | 5.0 |
2005-05-28 | CVE-2005-1807 | Phpmailer | Remote Denial of Service vulnerability in PHPMailer Data() Function The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. | 5.0 |
2005-05-27 | CVE-2005-1802 | Nortel | Products Remote Denial of Service vulnerability in Nortel Networks Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | 5.0 |
2005-05-26 | CVE-2005-1522 | GNU | Remote Denial of Service vulnerability in GNU Mailutils 0.5/0.6 The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | 5.0 |
2005-05-26 | CVE-2005-1408 | Apple | Unspecified vulnerability in Apple Keynote 2.0.0/2.0.1 Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. | 5.0 |
2005-05-26 | CVE-2005-0150 | Mozilla | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | 5.0 |
2005-05-25 | CVE-2005-1254 | Ipswitch | Multiple vulnerability in Ipswitch IMail Server Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument. | 5.0 |
2005-05-25 | CVE-2005-1252 | Ipswitch | Multiple vulnerability in Ipswitch IMail Server Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. | 5.0 |
2005-05-25 | CVE-2005-1249 | Ipswitch | Multiple vulnerability in Ipswitch IMail Server The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. | 5.0 |
2005-05-24 | CVE-2005-1749 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | 5.0 |
2005-05-24 | CVE-2005-1748 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. | 5.0 |
2005-05-24 | CVE-2005-1746 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. | 5.0 |
2005-05-24 | CVE-2005-1742 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." | 5.0 |
2005-05-24 | CVE-2005-1741 | Gearbox Software | Denial of Service vulnerability in Gearbox Software Halo Combat Evolved 1.6 Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data. | 5.0 |
2005-05-24 | CVE-2005-1739 | Graphicsmagick Imagemagick | Denial Of Service vulnerability in ImageMagick And GraphicsMagick XWD Decoder The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | 5.0 |
2005-05-24 | CVE-2005-1733 | Metro Marketing | Remote Security vulnerability in Cookie Cart Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt. | 5.0 |
2005-05-24 | CVE-2005-1732 | Metro Marketing | Remote Security vulnerability in Cookie Cart Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. | 5.0 |
2005-05-24 | CVE-2005-1718 | LS Games | Denial-Of-Service vulnerability in LS Games WAR Times 1.03 Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname. | 5.0 |
2005-05-24 | CVE-2005-1717 | Zyxel | Remote Denial of Service vulnerability in Zyxel Prestige 650R-31 3.40Ko.1 ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | 5.0 |
2005-05-24 | CVE-2005-1716 | EJ3 | Information Disclosure vulnerability in Topo 2.2/2.2.178 TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | 5.0 |
2005-05-24 | CVE-2005-1703 | Black Cactus | Remote Denial Of Service vulnerability in Black Cactus Warrior Kings Battles 1.23 Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference. | 5.0 |
2005-05-24 | CVE-2005-1745 | BEA Oracle | Remote vulnerability in BEA WebLogic Server and WebLogic Express The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | 4.6 |
2005-05-24 | CVE-2005-1708 | Bluecoat | Remote Privilege Escalation vulnerability in Bluecoat Reporter 7.1.1 templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true. | 4.6 |
2005-05-24 | CVE-2005-1707 | Gentoo | Unspecified vulnerability in Gentoo Linux Webapp-Config 1.10 The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. | 4.6 |
2005-05-24 | CVE-2005-1704 | GNU | Numeric Errors vulnerability in GNU GDB Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | 4.6 |
2005-05-29 | CVE-2005-1803 | NET Portal Dynamic System | Unspecified vulnerability in NET Portal Dynamic System NET Portal Dynamic System 5.0 Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php. | 4.3 |
2005-05-28 | CVE-2005-1800 | Clam Anti Virus | Cross-Site Scripting vulnerability in JAWS Glossary Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. | 4.3 |
2005-05-26 | CVE-2005-1782 | W M R Simpson | Cross-Site Scripting vulnerability in W.M.R. Simpson Bookreview 1.0 Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. | 4.3 |
2005-05-24 | CVE-2005-1735 | Electricmonk | Unspecified vulnerability in Electricmonk Proms Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-24 | CVE-2005-1715 | EJ3 | Index.PHP Cross-Site Scripting vulnerability in EJ3 Topo 2.2/2.2.178 Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section. | 4.3 |
2005-05-24 | CVE-2005-1714 | Netwin | Unspecified vulnerability in Netwin Surgemail 3.0C2 Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-05-24 | CVE-2005-1713 | S9Y | Unspecified vulnerability in S9Y Serendipity 0.8 Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | 4.3 |
2005-05-24 | CVE-2005-1710 | Bluecoat | Unspecified vulnerability in Bluecoat Reporter 7.1.1 Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page. | 4.3 |
2005-05-24 | CVE-2005-1699 | Postnuke Software Foundation | Directory Traversal vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3 Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-05-25 | CVE-2005-1751 | Shtool | Unspecified vulnerability in Shtool Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. | 3.7 |
2005-05-28 | CVE-2005-1791 | Microsoft | Denial of Service vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. | 2.6 |
2005-05-26 | CVE-2005-1801 | Nokia | Remote Denial of Service vulnerability in Nokia 9500 vCard Viewer The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | 2.6 |
2005-05-24 | CVE-2005-1696 | Postnuke Software Foundation | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc3 Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module. | 2.6 |
2005-05-24 | CVE-2005-1695 | Postnuke Software Foundation | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2/0.760Rc3 Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php. | 2.6 |
2005-05-25 | CVE-2005-1152 | Debian | Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5 popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. | 2.1 |