Weekly Vulnerabilities Reports > June 6 to 12, 2005

Overview

5 new vulnerabilities were reported during this period, including 0 critical and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 5 products from 5 vendors: Invisioncommunity, AOL, Lutel, Silvercity Project, and Everybuddy. The vulnerabilities fall into the categories "Link Following", "Integer Underflow (Wrap or Wraparound)", "Incorrect Default Permissions", and "Cross-Site Request Forgery (CSRF)".

  • 2 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Invisioncommunity has the most reported vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2005-06-08 | CVE-2005-1941 | Silvercity Project | Incorrect Default Permissions vulnerability in Silvercity Project Silvercity | 7.8

  SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

2005-06-09 | CVE-2005-1891 | AOL | Integer Underflow (Wrap or Wraparound) vulnerability in AOL AIM | 7.5

  The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

3 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2005-06-09 | CVE-2005-1879 | Lutel | Link Following vulnerability in Lutel Lutelwall | 5.5

  LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

2005-06-06 | CVE-2005-1880 | Everybuddy | Link Following vulnerability in Everybuddy 0.4.3 | 5.5

  everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

2005-06-09 | CVE-2005-1947 | Invisioncommunity | Cross-Site Request Forgery (CSRF) vulnerability in Invisioncommunity Gallery | 4.3

  Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS