Weekly Vulnerabilities Reports > July 11 to 17, 2005
Overview
96 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 59 vendors including Mozilla, IBM, Cisco, Microsoft, and Gianluca Baldo. Vulnerabilities are notably categorized as "Improper Verification of Cryptographic Signature", "Cross-site Scripting", "Improper Input Validation", and "Cleartext Storage of Sensitive Information".
- 77 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 95 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Moodle has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-13 | CVE-2005-2259 | Usanet Creations | Remote Command Execution vulnerability in Multiple USANet Creations Products The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. | 10.0 |
2005-07-13 | CVE-2005-2257 | Phpslash | Remote Security vulnerability in PHPslash 0.8.0 The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | 10.0 |
2005-07-13 | CVE-2005-2249 | Jinzora | Remote Security vulnerability in Jinzora 2.0.1 Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | 10.0 |
2005-07-12 | CVE-2005-2247 | Moodle | Unspecified vulnerability in Moodle Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | 10.0 |
2005-07-12 | CVE-2005-2222 | Mailenable | Remote Security vulnerability in MailEnable Professional Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors. | 10.0 |
40 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-13 | CVE-2005-2270 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. | 7.5 |
2005-07-13 | CVE-2005-2269 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). | 7.5 |
2005-07-13 | CVE-2005-2267 | Mozilla | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. | 7.5 |
2005-07-13 | CVE-2005-2264 | Mozilla | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL. | 7.5 |
2005-07-13 | CVE-2005-2261 | Mozilla | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | 7.5 |
2005-07-13 | CVE-2005-2260 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. | 7.5 |
2005-07-13 | CVE-2005-2258 | Squitosoft | Unspecified vulnerability in Squitosoft Squito Gallery 1.33 PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. | 7.5 |
2005-07-13 | CVE-2005-2253 | Gianluca Baldo | SQL-Injection vulnerability in Gianluca Baldo PHPauction 2.5 SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. | 7.5 |
2005-07-13 | CVE-2005-2252 | Gianluca Baldo | Security Bypass vulnerability in Gianluca Baldo PHPauction 2.5 PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | 7.5 |
2005-07-13 | CVE-2005-2251 | Secure Reality | Unspecified vulnerability in Secure Reality PHPsecurepages PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. | 7.5 |
2005-07-13 | CVE-2005-2250 | Nokia | Remote Buffer Overflow vulnerability in Nokia Affix BTFTP Client Filename Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | 7.5 |
2005-07-12 | CVE-2005-2246 | Iphotoalbum | File Include vulnerability in iPhotoAlbum Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php. | 7.5 |
2005-07-12 | CVE-2005-2245 | F5 | SSL Authentication Bypass vulnerability in F5 BIG-IP Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. | 7.5 |
2005-07-12 | CVE-2005-2229 | Blog Torrent | Information Disclosure vulnerability in Blog Torrent Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | 7.5 |
2005-07-12 | CVE-2005-2216 | Photogal | Unspecified vulnerability in Photogal Photo Gallery PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | 7.5 |
2005-07-12 | CVE-2005-1219 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows Color Management Module ICC Profile Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags. | 7.5 |
2005-07-12 | CVE-2005-0564 | Microsoft | Unspecified vulnerability in Microsoft Word 2000/2002 Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. | 7.5 |
2005-07-11 | CVE-2005-2213 | MMS Ripper | Remote Security vulnerability in MMS Ripper Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | 7.5 |
2005-07-11 | CVE-2005-2206 | Elemental Software | SQL-Injection vulnerability in CartWIZ Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp. | 7.5 |
2005-07-11 | CVE-2005-2205 | Pngren | Remote Command Execution vulnerability in Pngren 2.0.1 The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | 7.5 |
2005-07-11 | CVE-2005-2203 | Phpwishlist | Security Bypass vulnerability in phpWishlist login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. | 7.5 |
2005-07-11 | CVE-2005-2200 | Xerox | Security Bypass vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545 Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | 7.5 |
2005-07-11 | CVE-2005-2199 | Skrypty | Unspecified vulnerability in Skrypty PPA Gallery 0.5.6 PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. | 7.5 |
2005-07-11 | CVE-2005-2198 | Spid | Unspecified vulnerability in Spid PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. | 7.5 |
2005-07-11 | CVE-2005-2197 | ID Board | SQL Injection vulnerability in ID Board ID Board 1.1.3 SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | 7.5 |
2005-07-11 | CVE-2005-2193 | Punbb | SQL-Injection vulnerability in Punbb SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | 7.5 |
2005-07-11 | CVE-2005-2190 | Comersus Open Technologies | SQL-Injection vulnerability in Comersus Cart Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | 7.5 |
2005-07-11 | CVE-2005-2188 | Mcafee | Remote Security vulnerability in IntruShield Security Management System McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | 7.5 |
2005-07-11 | CVE-2005-2185 | EMC | Remote Security vulnerability in Eroom eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | 7.5 |
2005-07-11 | CVE-2005-2184 | EMC | Remote Security vulnerability in Eroom eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | 7.5 |
2005-07-11 | CVE-2005-2183 | Phpxmail | Security Bypass vulnerability in PHPxmail 0.7/1.1 class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. | 7.5 |
2005-07-11 | CVE-2005-2182 | Grandstream | Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2181 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
2005-07-11 | CVE-2005-2178 | Probe CGI | Remote Security vulnerability in Probe.Cgi probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. | 7.5 |
2005-07-12 | CVE-2005-2237 | IBM | Local Buffer Overflow vulnerability in IBM AIX Swcons Command Line Argument Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | 7.2 |
2005-07-12 | CVE-2005-2236 | IBM | Local Format String vulnerability in IBM AIX 5.3 Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | 7.2 |
2005-07-12 | CVE-2005-2235 | IBM | Local Buffer Overflow vulnerability in IBM AIX diagTasksWebSM Command Line Argument Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | 7.2 |
2005-07-12 | CVE-2005-2234 | IBM | Local Buffer Overflow vulnerability in IBM AIX GetLVName Command Line Argument Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | 7.2 |
2005-07-12 | CVE-2005-2233 | IBM | Local Buffer Overflow vulnerability in IBM AIX Penable Command Line Argument Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | 7.2 |
2005-07-12 | CVE-2005-2227 | Softiacom | Local Information Disclosure vulnerability in Softiacom Wmailserver 1.0 Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | 7.2 |
39 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-13 | CVE-2005-2255 | Gianluca Baldo | Directory Traversal vulnerability in Gianluca Baldo PHPauction 2.5 Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php. | 6.4 |
2005-07-11 | CVE-2005-2212 | Sukria | Remote Security vulnerability in Sukria Backup Manager 0.5.8A Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. | 6.4 |
2005-07-11 | CVE-2005-2201 | Xerox | Denial-Of-Service vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545 Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. | 6.4 |
2005-07-11 | CVE-2005-2209 | Capturix | Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 |
2005-07-13 | CVE-2005-2262 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.0.3/1.0.4 Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling." | 5.1 |
2005-07-13 | CVE-2005-2266 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. | 5.0 |
2005-07-13 | CVE-2005-2265 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | 5.0 |
2005-07-13 | CVE-2005-2263 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. | 5.0 |
2005-07-13 | CVE-2005-2256 | Phppgadmin | Directory Traversal vulnerability in PHPPGAdmin Login Form Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | 5.0 |
2005-07-13 | CVE-2005-2248 | Sven OVE Bjerkan | Directory Traversal vulnerability in Sven-Ove Bjerkan Downloadprotect 1.0/1.0.1/1.0.2B Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. | 5.0 |
2005-07-12 | CVE-2005-2244 | Cisco | Remote Heap Buffer Overflow vulnerability in Cisco CallManager AUPair Service The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. | 5.0 |
2005-07-12 | CVE-2005-2243 | Cisco | Failed Logins Remote Denial Of Service vulnerability in Cisco CallManager Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | 5.0 |
2005-07-12 | CVE-2005-2242 | Cisco | Remote Denial Of Service vulnerability in Cisco CallManager CTI Manager Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | 5.0 |
2005-07-12 | CVE-2005-2241 | Cisco | Remote Denial Of Service vulnerability in Cisco CallManager RISDC Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | 5.0 |
2005-07-12 | CVE-2005-2239 | Oftpd | Denial-Of-Service vulnerability in Oftpd 0.3.7 oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters. | 5.0 |
2005-07-12 | CVE-2005-2228 | BDC Enterprises | Information Disclosure vulnerability in BDC Enterprises web WIZ Forums 7.9/7.91/8.0Alpha Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | 5.0 |
2005-07-12 | CVE-2005-2226 | Microsoft | Multiple vulnerability in Microsoft Outlook Express 6.0 Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | 5.0 |
2005-07-12 | CVE-2005-2223 | Mailenable | Denial-Of-Service vulnerability in Mailenable Professional and Mailenable Standard Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | 5.0 |
2005-07-12 | CVE-2005-2217 | Craig Dansie | Information Disclosure vulnerability in Dansie Shopping Cart Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | 5.0 |
2005-07-11 | CVE-2005-2208 | Privashare | Denial-Of-Service vulnerability in Privashare 1.1B PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | 5.0 |
2005-07-11 | CVE-2005-2192 | Alexander Palmo | Remote Security vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | 5.0 |
2005-07-11 | CVE-2005-2189 | Lantronix | Information Disclosure vulnerability in Lantronix Securelinx 2.0/3.0 Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. | 5.0 |
2005-07-11 | CVE-2005-2179 | Jaws | Remote Security vulnerability in JAWS PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. | 5.0 |
2005-07-11 | CVE-2005-2177 | NET Snmp | Improper Input Validation vulnerability in Net-Snmp Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. | 5.0 |
2005-07-11 | CVE-2005-2170 | IBM | Remote Denial Of Service vulnerability in IBM Tivoli Management Framework 4.1.1 The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. | 5.0 |
2005-07-11 | CVE-2005-2150 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | 5.0 |
2005-07-11 | CVE-2005-1848 | Phystech | Unspecified vulnerability in Phystech Dhcpcd 1.3.17Pl2 The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | 5.0 |
2005-07-12 | CVE-2005-2232 | IBM | Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3 Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-07-12 | CVE-2005-2219 | Hosting Controller | Cross-Site Request Forgery vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.1 Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | 4.6 |
2005-07-11 | CVE-2005-2214 | Debian | Unspecified vulnerability in Debian Apt-Setup apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | 4.6 |
2005-07-11 | CVE-2005-2211 | Sukria | Local Security vulnerability in Sukria Backup Manager 0.5.8A Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. | 4.6 |
2005-07-11 | CVE-2005-2187 | Mcafee | Local Security vulnerability in IntruShield Security Management System McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | 4.6 |
2005-07-13 | CVE-2005-2254 | Gianluca Baldo | Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5 Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. | 4.3 |
2005-07-13 | CVE-2005-2095 | Squirrelmail | Unspecified vulnerability in Squirrelmail options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files. | 4.3 |
2005-07-12 | CVE-2005-2215 | Mediawiki | Cross-Site Scripting vulnerability in MediaWiki Page Move Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. | 4.3 |
2005-07-11 | CVE-2005-2207 | Elemental Software | Cross-Site Scripting vulnerability in CartWIZ Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
2005-07-11 | CVE-2005-2204 | Broadcom | Unspecified vulnerability in Broadcom Etrust Siteminder 5.5 Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. | 4.3 |
2005-07-11 | CVE-2005-2202 | Xerox | Cross-Site Scripting vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545 Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-07-11 | CVE-2005-2191 | Comersus Open Technologies | Input Validation And Information Disclosure vulnerability in Comersus BackOffice Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. | 4.3 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-11 | CVE-2005-1768 | Linux | Local Buffer Overflow vulnerability in Linux Kernel IA32 ExecVE Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. | 3.7 |
2005-07-13 | CVE-2005-2274 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | 2.6 |
2005-07-13 | CVE-2005-2273 | Opera | Unspecified vulnerability in Opera Browser Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | 2.6 |
2005-07-13 | CVE-2005-2272 | Apple | Unspecified vulnerability in Apple Safari 2.0 Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | 2.6 |
2005-07-13 | CVE-2005-2271 | Alexander Clauss | Remote Security vulnerability in Alexander Clauss Icab 2.9.8 iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | 2.6 |
2005-07-13 | CVE-2005-2268 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | 2.6 |
2005-07-12 | CVE-2005-2240 | Xpvm | Unspecified vulnerability in Xpvm 1.2.5 xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | 2.1 |
2005-07-12 | CVE-2005-2238 | IBM | Denial-Of-Service vulnerability in IBM AIX 5.1/5.2/5.3 ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. | 2.1 |
2005-07-12 | CVE-2005-2231 | High Availability Linux Project | Unspecified vulnerability in High Availability Linux Project Heartbeat 1.2.3 High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-07-12 | CVE-2005-2230 | Elmo | Unspecified vulnerability in Elmo Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. | 2.1 |
2005-07-11 | CVE-2005-2180 | GNU | Local Security vulnerability in Gnats 4.0/4.1.0 gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | 2.1 |
2005-07-11 | CVE-2005-2186 | Mcafee | Cross-Site Scripting vulnerability in IntruShield Security Management System Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | 1.9 |