Weekly Vulnerabilities Reports > July 4 to 10, 2005

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Debian, Ipswitch, and EKG Project. Vulnerabilities are notably categorized as "Link Following", and "Cleartext Storage of Sensitive Information".

1 reported vulnerabilities are remotely exploitables.
1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
1 reported vulnerabilities are exploitable by an anonymous user.
Debian has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

1 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2005-07-06	CVE-2005-2160	Ipswitch	Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006 IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.	7.5

Expand/Hide

1 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2005-07-06	CVE-2005-1916	EKG Project Debian	Link Following vulnerability in multiple products linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.	5.5

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS