Weekly Vulnerabilities Reports > June 20 to 26, 2005

Overview

26 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 26 products from 15 vendors including Duware, PHP Arena, THE Cacti Group, Blue Collar Productions, and Fortibus. Vulnerabilities are notably categorized as and "Path Traversal".

  • 24 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 26 reported vulnerabilities are exploitable by an anonymous user.
  • Duware has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Symantec Veritas has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-23 CVE-2005-0771 Symantec Veritas Unspecified vulnerability in Symantec Veritas Backup Exec

VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.

10.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-22 CVE-2005-2049 Duware SQL Injection vulnerability in Duware Duclassmate 1.2

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

7.5
2005-06-22 CVE-2005-2048 Duware SQL-Injection vulnerability in Duware Duforum 3.1

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp.

7.5
2005-06-22 CVE-2005-2047 Duware SQL-Injection vulnerability in Duware Dupaypal PRO 3.0

Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp.

7.5
2005-06-22 CVE-2005-2046 Duware SQL-Injection vulnerability in Duamazon PRO 3.0/3.1

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

7.5
2005-06-22 CVE-2005-2045 Duware SQL-Injection vulnerability in Duware Duportal PRO 3.4.3

Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp.

7.5
2005-06-22 CVE-2005-1526 THE Cacti Group Remote File Include vulnerability in RaXnet Cacti Config_Settings.PHP

PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

7.5
2005-06-22 CVE-2005-1525 THE Cacti Group SQL Injection vulnerability in RaXnet Cacti

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-06-22 CVE-2005-1250 Ipswitch Unspecified vulnerability in Ipswitch Whatsup Professional2005Sp1

SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).

7.5
2005-06-21 CVE-2005-2037 Fortibus SQL-Injection vulnerability in Fortibus CMS

Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.

7.5
2005-06-21 CVE-2005-2028 Mercuryboard Remote SQL Injection vulnerability in Mercuryboard Message Board 1.1.4

SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

7.5
2005-06-20 CVE-2005-2012 PHP Arena SQL-Injection vulnerability in PHP Arena Pafaq 1.0Beta4

Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.

7.5
2005-06-20 CVE-2005-2009 Ublog SQL-Injection vulnerability in Ublog Reload 1.0.5

Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.

7.5
2005-06-20 CVE-2005-1992 Yukihiro Matsumoto Command Execution vulnerability in Yukihiro Matsumoto Ruby 1.8

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

7.5

11 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-22 CVE-2005-1524 THE Cacti Group Unspecified vulnerability in the Cacti Group Cacti

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

5.0
2005-06-20 CVE-2005-2040 Telnetd Unspecified vulnerability in Telnetd

Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.

5.0
2005-06-20 CVE-2005-2038 Fortibus Remote Security vulnerability in Fortibus CMS 4.0.0

Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.

5.0
2005-06-20 CVE-2005-2033 Blue Collar Productions Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.3

Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.

5.0
2005-06-20 CVE-2005-2025 Cisco Unspecified vulnerability in Cisco products

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

5.0
2005-06-20 CVE-2005-2013 PHP Arena Information Disclosure vulnerability in PHP Arena Pafaq 1.0Beta4

paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.

5.0
2005-06-20 CVE-2005-2014 PHP Arena Local Security vulnerability in PHP Arena Pafaq 1.0Beta4

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.

4.6
2005-06-20 CVE-2005-2034 Blue Collar Productions Cross-Site Scripting vulnerability in Blue-Collar Productions I-Gallery 3.3

Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.

4.3
2005-06-20 CVE-2005-2021 Cpanel Cross-Site Scripting vulnerability in cPanel User Parameter

Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.

4.3
2005-06-20 CVE-2005-2011 PHP Arena Cross-Site Scripting vulnerability in PHP Arena Pafaq 1.0Beta4

Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.

4.3
2005-06-20 CVE-2005-2010 Uapplication Cross-Site Scripting vulnerability in Uapplication Ublog Reload 1.0.5

Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-06-20 CVE-2005-1993 Todd Miller Local Race Condition vulnerability in Todd Miller Sudo

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

3.7