Weekly Vulnerabilities Reports > June 13 to 19, 2005

Overview

74 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 87 products from 42 vendors including Microsoft, Apple, SUN, Ultimate PHP Board, and PHP Arena. Vulnerabilities are notably categorized as "Cross-site Scripting", "Code Injection", "Open Redirect", "Information Exposure", and "XXE".

  • 67 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-17 CVE-2005-2023 Suse Remote Security vulnerability in Suse Linux 9.3

The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

10.0
2005-06-14 CVE-2005-1208 Microsoft Remote Code Execution vulnerability in Microsoft Windows HTML Help

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

10.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-18 CVE-2005-0773 Symantec Veritas Remote Agent for Windows Servers Authentication Buffer Overflow vulnerability in Veritas Backup Exec

Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.

7.5
2005-06-17 CVE-2005-2029 Amarok Remote Security vulnerability in Amarok web Frontend 1.3

amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.

7.5
2005-06-16 CVE-2005-2036 Cool Cafe Chat Information Exposure vulnerability in Cool Cafe Chat Cool Cafe Chat 1.2.1

modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.

7.5
2005-06-16 CVE-2005-2035 Cool Cafe Chat SQL Injection vulnerability in Cool Cafe Chat Cool Cafe Chat 1.2.1

SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.

7.5
2005-06-16 CVE-2005-2031 Socialmpn SQL-Injection vulnerability in SocialMPN

Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.

7.5
2005-06-16 CVE-2005-2026 Enterasys Remote Security vulnerability in Vertical Horizon VH-2402S 2.05.00/2.05.08.01/2.05.09.07

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.

7.5
2005-06-16 CVE-2005-1971 Interactivephp Directory Traversal vulnerability in Interactivephp Fusionbb 11Beta

Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.

7.5
2005-06-16 CVE-2005-1967 Early Impact SQL-Injection vulnerability in Productcart Ecommerce

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.

7.5
2005-06-16 CVE-2005-1965 Glen Campbell Code Injection vulnerability in Glen Campbell Siteframe

PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.

7.5
2005-06-16 CVE-2005-1952 Pico Server Remote Security vulnerability in Pico Server Pico Server 3.3

Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each ..

7.5
2005-06-16 CVE-2005-1721 Apple Unspecified vulnerability in Apple AFP Server

Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.

7.5
2005-06-16 CVE-2005-1475 Opera Open Redirect vulnerability in Opera Browser

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

7.5
2005-06-15 CVE-2005-2002 Mambo SQL Injection vulnerability in Mambo Open Source Com_Contents

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.

7.5
2005-06-15 CVE-2005-2000 PHP Arena SQL-Injection vulnerability in paFileDB

Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.

7.5
2005-06-15 CVE-2005-1306 Adobe XXE vulnerability in Adobe Acrobat and Acrobat Reader

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

7.5
2005-06-14 CVE-2005-1216 Microsoft Unspecified vulnerability in Microsoft ISA Server 2000

Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.

7.5
2005-06-14 CVE-2005-1215 Microsoft Unspecified vulnerability in Microsoft ISA Server 2000

Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.

7.5
2005-06-14 CVE-2005-1213 Microsoft Buffer Overflow vulnerability in Microsoft Outlook Express NNTP Response Parsing

Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.

7.5
2005-06-14 CVE-2005-1212 Microsoft Buffer Overflow vulnerability in Microsoft Step-By-Step Interactive Training Bookmark Link

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

7.5
2005-06-14 CVE-2005-1206 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

7.5
2005-06-13 CVE-2005-1972 Interactivephp SQL-Injection vulnerability in Interactivephp Fusionbb 11Beta

Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie.

7.5
2005-06-13 CVE-2005-1936 Xerox Remote Authentication Bypass vulnerability in Xerox Document Centre ESS/Network Controller Web Server

Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."

7.5
2005-06-13 CVE-2005-1935 Microsoft Remote Security vulnerability in Windows NT Terminal Server

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818.

7.5
2005-06-13 CVE-2005-1933 Apple Remote Security vulnerability in Apple mac OS X 10.4

Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.

7.5
2005-06-13 CVE-2005-1760 Redhat Information Disclosure vulnerability in RedHat Linux SysReport Proxy

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.

7.5
2005-06-13 CVE-2005-1474 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.

7.5
2005-06-13 CVE-2005-0151 Adobe Unspecified vulnerability in Adobe Creative Suite, Photoshop and Premiere

Unknown vulnerability in the installation of Adobe License Management Service, as used in Adobe Photoshop CS, Adobe Creative Suite 1.0, and Adobe Premiere Pro 1.5, allows attackers to gain administrator privileges.

7.5
2005-06-16 CVE-2005-1970 Symantec Local Privileged Command Execution vulnerability in Symantec PCAnywhere

Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.

7.2
2005-06-16 CVE-2005-1722 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.

7.2
2005-06-14 CVE-2005-1207 Microsoft Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP

Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.

7.2

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-16 CVE-2005-1669 Opera Cross-site Scripting vulnerability in Opera Browser

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.

6.8
2005-06-19 CVE-2005-2007 Edgewall Software Directory Traversal vulnerability in Trac

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a ..

6.4
2005-06-16 CVE-2005-1974 SUN Privilege Escalation vulnerability in Sun Java Runtime Environment

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.

5.1
2005-06-16 CVE-2005-1973 SUN Privilege Escalation vulnerability in Sun Java Web Start

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.

5.1
2005-06-14 CVE-2005-1214 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

5.1
2005-06-14 CVE-2005-1211 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900

Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.

5.1
2005-06-19 CVE-2005-2039 Nanoblogger Remote Security vulnerability in Nanoblogger 3.1

Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.

5.0
2005-06-17 CVE-2005-2043 Xampp Directory Traversal vulnerability in XAMMP

Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.

5.0
2005-06-17 CVE-2005-2024 Vipul Denial Of Service vulnerability in Vipul Razor-Agents 2.70/2.71/2.72

Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.

5.0
2005-06-17 CVE-2005-2008 Yaws Remote Security vulnerability in Webserver

Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).

5.0
2005-06-17 CVE-2005-2006 Jboss Remote Information Disclosure vulnerability in JBoss Malformed HTTP Request

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

5.0
2005-06-17 CVE-2005-2004 Ultimate PHP Board Cross-Site Scripting vulnerability in Ultimate PHP Board

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.

5.0
2005-06-16 CVE-2005-2030 Ultimate PHP Board Weak Password Encryption vulnerability in Ultimate PHP Board

Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.

5.0
2005-06-16 CVE-2005-2027 Enterasys Information Disclosure vulnerability in Vertical Horizon VH-2402S 2.05.00/2.05.08.01/2.05.09.07

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.

5.0
2005-06-16 CVE-2005-2005 Ultimate PHP Board Information Disclosure vulnerability in Ultimate PHP Board

Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.

5.0
2005-06-16 CVE-2005-2003 Ultimate PHP Board Information Disclosure vulnerability in Ultimate PHP Board Ultimate PHP Board 1.9.6Gold

Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message.

5.0
2005-06-16 CVE-2005-1963 Cerberus Information Disclosure vulnerability in Cerberus Helpdesk 0.97.3

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.

5.0
2005-06-16 CVE-2005-1954 Singapore Information Disclosure vulnerability in Singapore 0.9.11

singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message.

5.0
2005-06-16 CVE-2005-1951 Oscommerce HTTP Response Splitting vulnerability in osCommerce

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

5.0
2005-06-16 CVE-2005-1269 ROB Flynn Denial of Service vulnerability in Gaim Yahoo! Protocol Support File Download

Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.

5.0
2005-06-15 CVE-2005-2041 Hauri Remote Security vulnerability in Hauri Virobot Linux Server 2.0

Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).

5.0
2005-06-15 CVE-2005-2001 PHP Arena Directory Traversal vulnerability in paFileDB

Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a ..

5.0
2005-06-15 CVE-2005-1998 Mcgallery Unspecified vulnerability in Mcgallery 1.1

Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a ..

5.0
2005-06-15 CVE-2005-1997 Mcgallery Information Disclosure vulnerability in Mcgallery 1.1

show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter.

5.0
2005-06-15 CVE-2005-1996 Bitrix Code Injection vulnerability in Bitrix Site Manager

PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.

5.0
2005-06-15 CVE-2005-1995 Bitrix Information Disclosure vulnerability in Bitrix Site Manager

Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.

5.0
2005-06-14 CVE-2005-1994 Finjan Software Remote Security vulnerability in Surfingate

Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e".

5.0
2005-06-14 CVE-2005-1205 Microsoft Remote Information Disclosure vulnerability in Multiple Vendor Telnet Client

The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

5.0
2005-06-14 CVE-2005-0488 Microsoft
MIT
SUN
Remote Information Disclosure vulnerability in Multiple Vendor Telnet Client

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

5.0
2005-06-13 CVE-2005-1473 Apple Unspecified vulnerability in Apple mac OS X 10.4.1

SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field.

4.6
2005-06-17 CVE-2005-2022 SUN Cross-Site Scripting vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

4.3
2005-06-16 CVE-2005-2044 Adaptive Technology Resource Centre Cross-Site Scripting vulnerability in ATutor

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.

4.3
2005-06-16 CVE-2005-2042 Ajax Spell Unspecified vulnerability in Ajax-Spell

Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags.

4.3
2005-06-16 CVE-2005-1975 Annuaire HTML Injection vulnerability in Annuaire 1Two 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.

4.3
2005-06-16 CVE-2005-1962 Cerberus Cross-Site Scripting vulnerability in Cerberus Helpdesk 0.97.3

Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.

4.3
2005-06-16 CVE-2005-1769 Squirrelmail Unspecified vulnerability in Squirrelmail

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

4.3
2005-06-15 CVE-2005-1999 PHP Arena Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1

Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).

4.3
2005-06-14 CVE-2005-0563 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-14 CVE-2005-1937 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.

2.6
2005-06-16 CVE-2005-2032 SUN Arbitrary Local File Overwrite vulnerability in Sun LPAdmin

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

2.1
2005-06-16 CVE-2005-1720 Apple Unspecified vulnerability in Apple AFP Server

AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.

2.1
2005-06-16 CVE-2005-1265 Linux Local Denial Of Service vulnerability in Linux Kernel 2.6.10

The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).

2.1