Weekly Vulnerabilities Reports > June 6 to 12, 2005

Overview

73 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 61 products from 55 vendors including Yapig, Apple, Novell, Flatnuke, and Invision Power Services. Vulnerabilities are notably categorized as "Resource Management Errors", and "Improper Authentication".

  • 58 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 73 reported vulnerabilities are exploitable by an anonymous user.
  • Yapig has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Flexcast has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-09 CVE-2005-1897 Flexcast Remote Security vulnerability in Flexcast Audio Video Streaming Server

Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.

10.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-12 CVE-2005-1959 Jammail Remote Arbitrary Command Execution vulnerability in Jammail 1.8

jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter.

7.5
2005-06-12 CVE-2005-1957 Adam Mmedici Improper Authentication vulnerability in Adam Mmedici File Upload Manager

mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.

7.5
2005-06-11 CVE-2005-1953 Pico Server Remote Security vulnerability in Pico Server Pico Server 3.3

Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request.

7.5
2005-06-10 CVE-2005-1966 E107 Remote Command Execution vulnerability in E107 1.0.1

The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.

7.5
2005-06-10 CVE-2005-1942 Cisco Security Bypass vulnerability in Catalyst

Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.

7.5
2005-06-09 CVE-2005-1964 Cantico Remote Security vulnerability in Cantico Ovidentia FX

PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter.

7.5
2005-06-09 CVE-2005-1950 Darryl Burgdorf Remote Command Execution vulnerability in Darryl Burgdorf Webhints 1.3

hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

7.5
2005-06-09 CVE-2005-1948 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1/1.3

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.

7.5
2005-06-09 CVE-2005-1946 Invision Power Services SQL-Injection vulnerability in Invision Community Blog 1.0/1.1

Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.

7.5
2005-06-09 CVE-2005-1908 Perception Security Bypass vulnerability in Perception Liteweb 2.5

Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.

7.5
2005-06-09 CVE-2005-1904 Jiro SQL-Injection vulnerability in JiRo Upload System

SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2005-06-09 CVE-2005-1900 Sawmill Security Bypass vulnerability in Sawmill

Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.

7.5
2005-06-09 CVE-2005-1894 Flatnuke Remote Security vulnerability in Flatnuke 2.5.3

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

7.5
2005-06-09 CVE-2005-1882 Yapig Remote Security vulnerability in Yapig 0.93U/0.94U

PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter.

7.5
2005-06-09 CVE-2005-1873 Crob Remote Security vulnerability in Crob FTP 3.6.1

Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.

7.5
2005-06-09 CVE-2005-1871 Drupal Remote Security vulnerability in Drupal

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."

7.5
2005-06-09 CVE-2005-1868 I MAN File-Upload vulnerability in I-Man

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.

7.5
2005-06-09 CVE-2005-1867 Symantec Remote Security vulnerability in Brightmail Anti-Spam

Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.

7.5
2005-06-09 CVE-2005-1865 Vincent HOR SQL-Injection vulnerability in Vincent HOR Calendarix Advanced 1.5

Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.

7.5
2005-06-08 CVE-2005-1960 C J Steele The getemails function in C.J.
7.5
2005-06-08 CVE-2005-1943 Loki SQL Injection vulnerability in Loki Download Manager Default.ASP

Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.

7.5
2005-06-08 CVE-2005-1758 Novell Remote vulnerability in Novell NetMail

Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.

7.5
2005-06-08 CVE-2005-1757 Novell Remote vulnerability in Novell NetMail

Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code.

7.5
2005-06-08 CVE-2005-1724 Apple Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1

NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions.

7.5
2005-06-08 CVE-2005-1723 Apple Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1

LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.

7.5
2005-06-07 CVE-2005-1869 Appindex Remote Security vulnerability in MWChat

PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.

7.5
2005-06-06 CVE-2005-1881 Yapig File-Upload vulnerability in Yapig 0.92B/0.93U/0.94U

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

7.5
2005-06-09 CVE-2005-1905 Kaspersky LAB Privilege Escalation vulnerability in Kaspersky LAB products

The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs.

7.2
2005-06-09 CVE-2005-1763 Novell
Suse
Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel memory.
7.2

34 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-09 CVE-2005-1892 Flatnuke Denial-Of-Service vulnerability in FlatNuke

FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.

6.4
2005-06-09 CVE-2005-1884 Yapig Directory Traversal vulnerability in Yapig 0.92B/0.93U/0.94U

Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a ..

6.4
2005-06-12 CVE-2005-1956 File Upload Manager File-Upload vulnerability in File Upload Manager

File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.

5.0
2005-06-12 CVE-2005-1729 Novell Denial-Of-Service vulnerability in Novell Edirectory 8.7.3

Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1.

5.0
2005-06-10 CVE-2005-1267 LBL
Gentoo
Mandrakesoft
Redhat
Trustix
Denial Of Service vulnerability in tcpdump BGP Decoding Routines

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

5.0
2005-06-09 CVE-2005-1947 Invision Power Services Cross-Site Request Forgery vulnerability in Invision Gallery 1.0.1/1.3

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

5.0
2005-06-09 CVE-2005-1911 Leafnode Unspecified vulnerability in Leafnode

The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss).

5.0
2005-06-09 CVE-2005-1899 Rakkarsoft Remote Denial of Service vulnerability in Rakkarsoft RakNet

Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet.

5.0
2005-06-09 CVE-2005-1898 Phpthumb Information Disclosure vulnerability in PHPThumb Arbitrary File

The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images.

5.0
2005-06-09 CVE-2005-1896 Flatnuke Directory Traversal vulnerability in Flatnuke 2.5.3

Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.

5.0
2005-06-09 CVE-2005-1893 Flatnuke Information Disclosure vulnerability in Flatnuke 2.5.3

FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.

5.0
2005-06-09 CVE-2005-1891 AOL Remote Denial of Service vulnerability in AOL Instant Messenger Buddy Icon

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

5.0
2005-06-09 CVE-2005-1883 Yapig Remote Security vulnerability in Yapig 0.92B

global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.

5.0
2005-06-09 CVE-2005-1874 Evan Wagner Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a ..
5.0
2005-06-09 CVE-2005-1870 Popper Remote Security vulnerability in Popper 1.41R2

PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.

5.0
2005-06-09 CVE-2005-1864 Vincent HOR Remote Security vulnerability in Vincent HOR Calendarix Advanced 1.5

PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.

5.0
2005-06-07 CVE-2005-1890 Mortiforo Remote Security vulnerability in Mortiforo

Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors.

5.0
2005-06-07 CVE-2005-1889 SUN Remote Security vulnerability in SUN Java System web Server 6.0/6.1

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.

5.0
2005-06-06 CVE-2005-1885 Yapig Information Disclosure vulnerability in Yapig 0.92B/0.93U/0.94U

view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.

5.0
2005-06-09 CVE-2005-1887 SUN Local Security vulnerability in SUN Solaris 10.0

Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.

4.6
2005-06-09 CVE-2005-1876 Cutephp Local Security vulnerability in Cutephp Cutenews 1.3.6

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

4.6
2005-06-08 CVE-2005-1728 Apple Unspecified vulnerability in Apple mac OS X 10.4/10.4.1

MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials.

4.6
2005-06-07 CVE-2005-1961 Objectweb Security Bypass vulnerability in Consortium C-Jdbc

Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.

4.6
2005-06-12 CVE-2005-1955 Singapore Cross-Site Scripting vulnerability in Singapore 0.9.11Beta

Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

4.3
2005-06-09 CVE-2005-1945 Invision Power Services Cross-Site Scripting vulnerability in Invision Community Blog 1.0/1.1

Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

4.3
2005-06-09 CVE-2005-1909 Software602 Unspecified vulnerability in Software602 602Lan Suite 2004

The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability.

4.3
2005-06-09 CVE-2005-1901 Sawmill Cross-Site Scripting vulnerability in Sawmill

Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.

4.3
2005-06-09 CVE-2005-1895 Flatnuke Cross-Site Scripting vulnerability in Flatnuke 2.5.3

Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.

4.3
2005-06-09 CVE-2005-1886 Yapig Cross-Site Scripting vulnerability in Yapig 0.92B/0.93U/0.94U

Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.

4.3
2005-06-08 CVE-2005-1968 Early Impact Cross-Site Scripting vulnerability in Early Impact Productcart 2.7

Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp.

4.3
2005-06-08 CVE-2005-1756 Novell Remote vulnerability in Novell NetMail

Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.

4.3
2005-06-07 CVE-2005-1969 Pragma Systems Unspecified vulnerability in Pragma Systems Pragma Telnetserver 6.0

Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session.

4.3
2005-06-06 CVE-2005-1888 Mediawiki HTML Injection vulnerability in MediaWiki Page Template

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.

4.3
2005-06-06 CVE-2005-1877 Lpanel Input Validation vulnerability in Lpanel 1.59

Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-08 CVE-2005-1941 Silvercity Local Security vulnerability in Silvercity 0.9.5R1

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

3.7
2005-06-08 CVE-2005-1727 Apple Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."

3.7
2005-06-09 CVE-2005-1902 E Post Corporation Directory Traversal vulnerability in E-Post Corporation Spa-Pro Mail Atsolomon 4.00

Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via ..

3.6
2005-06-09 CVE-2005-1944 Xmysqladmin Local Security vulnerability in Xmysqladmin 1.0

xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.

2.1
2005-06-09 CVE-2005-1879 Tomasz Lutelmowski Insecure File Creation vulnerability in LutelWall

LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

2.1
2005-06-08 CVE-2005-1725 Apple Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1

launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.

2.1
2005-06-08 CVE-2005-0756 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.8.1

ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash).

2.1
2005-06-06 CVE-2005-1880 Everybuddy Unspecified vulnerability in Everybuddy 0.4.3

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

2.1
2005-06-09 CVE-2005-1878 Giptables Local Security vulnerability in Giptables Firewall

GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file.

1.2