Weekly Vulnerabilities Reports > July 11 to 17, 2005

Overview

103 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary reports vulnerabilities in 82 products from 62 vendors including Mozilla, IBM, Microsoft, Cisco, and Gianluca Baldo. Vulnerabilities are notably categorized as "Resource Management Errors", "Cross-site Scripting", and "Improper Input Validation".

  • 83 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 103 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Nokia has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-07-15 CVE-2005-2277 Nokia Remote Command Execution vulnerability in Nokia Affix BTSRV/BTOBEX

Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.

10.0
2005-07-13 CVE-2005-2259 Usanet Creations Remote Command Execution vulnerability in Multiple USANet Creations Products

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

10.0
2005-07-13 CVE-2005-2257 Phpslash Remote Security vulnerability in PHPslash 0.8.0

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.

10.0
2005-07-13 CVE-2005-2249 Jinzora Remote Security vulnerability in Jinzora 2.0.1

Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.

10.0
2005-07-12 CVE-2005-2247 Moodle Unspecified vulnerability in Moodle

Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.

10.0
2005-07-12 CVE-2005-2222 Mailenable Remote Security vulnerability in MailEnable Professional

Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.

10.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-07-13 CVE-2005-2270 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

7.5
2005-07-13 CVE-2005-2269 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

7.5
2005-07-13 CVE-2005-2267 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.

7.5
2005-07-13 CVE-2005-2264 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.

7.5
2005-07-13 CVE-2005-2261 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

7.5
2005-07-13 CVE-2005-2260 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

7.5
2005-07-13 CVE-2005-2258 Squitosoft Unspecified vulnerability in Squitosoft Squito Gallery 1.33

PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.

7.5
2005-07-13 CVE-2005-2253 Gianluca Baldo SQL-Injection vulnerability in Gianluca Baldo PHPauction 2.5

SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php.

7.5
2005-07-13 CVE-2005-2252 Gianluca Baldo Security Bypass vulnerability in Gianluca Baldo PHPauction 2.5

PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.

7.5
2005-07-13 CVE-2005-2251 Secure Reality Unspecified vulnerability in Secure Reality PHPsecurepages

PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.

7.5
2005-07-13 CVE-2005-2250 Nokia Remote Buffer Overflow vulnerability in Nokia Affix BTFTP Client Filename

Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.

7.5
2005-07-12 CVE-2005-2246 Iphotoalbum File Include vulnerability in iPhotoAlbum

Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.

7.5
2005-07-12 CVE-2005-2245 F5 SSL Authentication Bypass vulnerability in F5 BIG-IP

Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.

7.5
2005-07-12 CVE-2005-2229 Blog Torrent Information Disclosure vulnerability in Blog Torrent

Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers.

7.5
2005-07-12 CVE-2005-2221 Incredible Interactive Unspecified vulnerability in Incredible Interactive Dragonfly Commerce

** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp.

7.5
2005-07-12 CVE-2005-2216 Photogal Unspecified vulnerability in Photogal Photo Gallery

PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.

7.5
2005-07-12 CVE-2005-1219 Microsoft Buffer Overflow vulnerability in Microsoft Windows Color Management Module ICC Profile

Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.

7.5
2005-07-12 CVE-2005-0564 Microsoft Unspecified vulnerability in Microsoft Word 2000/2002

Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.

7.5
2005-07-11 CVE-2005-2213 MMS Ripper Remote Security vulnerability in MMS Ripper

Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams.

7.5
2005-07-11 CVE-2005-2210 Tonec INC Remote Security vulnerability in Tonec Inc. Internet Download Manager 4.05

Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL.

7.5
2005-07-11 CVE-2005-2206 Elemental Software SQL-Injection vulnerability in CartWIZ

Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.

7.5
2005-07-11 CVE-2005-2205 Pngren Remote Command Execution vulnerability in Pngren 2.0.1

The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

7.5
2005-07-11 CVE-2005-2203 Phpwishlist Security Bypass vulnerability in phpWishlist

login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.

7.5
2005-07-11 CVE-2005-2200 Xerox Security Bypass vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545

Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.

7.5
2005-07-11 CVE-2005-2199 Skrypty Unspecified vulnerability in Skrypty PPA Gallery 0.5.6

PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.

7.5
2005-07-11 CVE-2005-2198 Spid Unspecified vulnerability in Spid

PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.

7.5
2005-07-11 CVE-2005-2197 ID Board SQL Injection vulnerability in ID Board ID Board 1.1.3

SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.

7.5
2005-07-11 CVE-2005-2193 Punbb SQL-Injection vulnerability in Punbb

SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.

7.5
2005-07-11 CVE-2005-2190 Comersus Open Technologies SQL-Injection vulnerability in Comersus Cart

Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp.

7.5
2005-07-11 CVE-2005-2188 Mcafee Remote Security vulnerability in IntruShield Security Management System

McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.

7.5
2005-07-11 CVE-2005-2185 EMC Remote Security vulnerability in Eroom

eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.

7.5
2005-07-11 CVE-2005-2184 EMC Remote Security vulnerability in Eroom

eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.

7.5
2005-07-11 CVE-2005-2183 Phpxmail Security Bypass vulnerability in PHPxmail 0.7/1.1

class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.

7.5
2005-07-11 CVE-2005-2178 Probe CGI Remote Security vulnerability in Probe.Cgi

probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter.

7.5
2005-07-12 CVE-2005-2237 IBM Local Buffer Overflow vulnerability in IBM AIX Swcons Command Line Argument

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.

7.2
2005-07-12 CVE-2005-2236 IBM Local Format String vulnerability in IBM AIX 5.3

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

7.2
2005-07-12 CVE-2005-2235 IBM Local Buffer Overflow vulnerability in IBM AIX diagTasksWebSM Command Line Argument

Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

7.2
2005-07-12 CVE-2005-2234 IBM Local Buffer Overflow vulnerability in IBM AIX GetLVName Command Line Argument

Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

7.2
2005-07-12 CVE-2005-2233 IBM Local Buffer Overflow vulnerability in IBM AIX Penable Command Line Argument

Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

7.2
2005-07-12 CVE-2005-2227 Softiacom Local Information Disclosure vulnerability in Softiacom Wmailserver 1.0

Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges.

7.2
2005-07-12 CVE-2005-1859 SGI Unspecified vulnerability in SGI Propack 3.0/4.0

Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.

7.2

43 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-07-13 CVE-2005-2255 Gianluca Baldo Directory Traversal vulnerability in Gianluca Baldo PHPauction 2.5

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.

6.4
2005-07-11 CVE-2005-2212 Sukria Remote Security vulnerability in Sukria Backup Manager 0.5.8A

Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.

6.4
2005-07-11 CVE-2005-2201 Xerox Denial-Of-Service vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545

Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows attackers to cause a denial of service or access files via crafted HTTP requests.

6.4
2005-07-13 CVE-2005-2262 Mozilla Unspecified vulnerability in Mozilla Firefox 1.0.3/1.0.4

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."

5.1
2005-07-13 CVE-2005-2266 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

5.0
2005-07-13 CVE-2005-2265 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

5.0
2005-07-13 CVE-2005-2263 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

5.0
2005-07-13 CVE-2005-2256 Phppgadmin Directory Traversal vulnerability in PHPPGAdmin Login Form

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

5.0
2005-07-13 CVE-2005-2248 Sven OVE Bjerkan Directory Traversal vulnerability in Sven-Ove Bjerkan Downloadprotect 1.0/1.0.1/1.0.2B

Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.

5.0
2005-07-12 CVE-2005-2244 Cisco Remote Heap Buffer Overflow vulnerability in Cisco CallManager AUPair Service

The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.

5.0
2005-07-12 CVE-2005-2243 Cisco Failed Logins Remote Denial Of Service vulnerability in Cisco CallManager

Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.

5.0
2005-07-12 CVE-2005-2242 Cisco Remote Denial Of Service vulnerability in Cisco CallManager CTI Manager

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe).

5.0
2005-07-12 CVE-2005-2241 Cisco Remote Denial Of Service vulnerability in Cisco CallManager RISDC

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.

5.0
2005-07-12 CVE-2005-2239 Oftpd Denial-Of-Service vulnerability in Oftpd 0.3.7

oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.

5.0
2005-07-12 CVE-2005-2228 BDC Enterprises Information Disclosure vulnerability in BDC Enterprises web WIZ Forums 7.9/7.91/8.0Alpha

Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.

5.0
2005-07-12 CVE-2005-2226 Microsoft Multiple vulnerability in Microsoft Outlook Express 6.0

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.

5.0
2005-07-12 CVE-2005-2225 Microsoft Unspecified vulnerability in Microsoft MSN Messenger Service

Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation.

5.0
2005-07-12 CVE-2005-2224 Microsoft Resource Management Errors vulnerability in Microsoft Asp.Net

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

5.0
2005-07-12 CVE-2005-2223 Mailenable Denial-Of-Service vulnerability in Mailenable Professional and Mailenable Standard

Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.

5.0
2005-07-12 CVE-2005-2220 Incredible Interactive Unspecified vulnerability in Incredible Interactive Dragonfly Commerce

** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp.

5.0
2005-07-12 CVE-2005-2217 Craig Dansie Information Disclosure vulnerability in Dansie Shopping Cart

Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.

5.0
2005-07-11 CVE-2005-2208 Privashare Denial-Of-Service vulnerability in Privashare 1.1B

PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.

5.0
2005-07-11 CVE-2005-2192 Alexander Palmo Remote Security vulnerability in Alexander Palmo Simple PHP Blog 0.4.0

SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.

5.0
2005-07-11 CVE-2005-2189 Lantronix Information Disclosure vulnerability in Lantronix Securelinx 2.0/3.0

Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.

5.0
2005-07-11 CVE-2005-2182 Grandstream Remote Security vulnerability in Grandstream Budgetone 100

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

5.0
2005-07-11 CVE-2005-2181 Cisco Remote Security vulnerability in 7960 Router

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

5.0
2005-07-11 CVE-2005-2179 Jaws Remote Security vulnerability in JAWS

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.

5.0
2005-07-11 CVE-2005-2177 NET Snmp Improper Input Validation vulnerability in Net-Snmp

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.

5.0
2005-07-11 CVE-2005-2170 IBM Remote Denial Of Service vulnerability in IBM Tivoli Management Framework 4.1.1

The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.

5.0
2005-07-11 CVE-2005-2150 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

5.0
2005-07-11 CVE-2005-1848 Phystech Unspecified vulnerability in Phystech Dhcpcd 1.3.17Pl2

The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read.

5.0
2005-07-12 CVE-2005-2232 IBM Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3

Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.

4.6
2005-07-12 CVE-2005-2219 Hosting Controller Cross-Site Request Forgery vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.1

Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.

4.6
2005-07-11 CVE-2005-2214 Debian Unspecified vulnerability in Debian Apt-Setup

apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.

4.6
2005-07-11 CVE-2005-2211 Sukria Local Security vulnerability in Sukria Backup Manager 0.5.8A

Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.

4.6
2005-07-11 CVE-2005-2187 Mcafee Local Security vulnerability in IntruShield Security Management System

McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.

4.6
2005-07-13 CVE-2005-2254 Gianluca Baldo Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php.

4.3
2005-07-13 CVE-2005-2095 Squirrelmail Unspecified vulnerability in Squirrelmail

options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.

4.3
2005-07-12 CVE-2005-2215 Mediawiki Cross-Site Scripting vulnerability in MediaWiki Page Move

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

4.3
2005-07-11 CVE-2005-2207 Elemental Software Cross-Site Scripting vulnerability in CartWIZ

Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2005-07-11 CVE-2005-2204 Broadcom Unspecified vulnerability in Broadcom Etrust Siteminder 5.5

Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.

4.3
2005-07-11 CVE-2005-2202 Xerox Cross-Site Scripting vulnerability in Xerox Workcentre 2128, Workcentre 2636 and Workcentre 3545

Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-07-11 CVE-2005-2191 Comersus Open Technologies Input Validation And Information Disclosure vulnerability in Comersus BackOffice

Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.

4.3

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-07-11 CVE-2005-1768 Linux Local Buffer Overflow vulnerability in Linux Kernel IA32 ExecVE

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

3.7
2005-07-13 CVE-2005-2274 Microsoft Remote Security vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6
2005-07-13 CVE-2005-2273 Opera Software Remote Security vulnerability in Opera Web Browser

Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6
2005-07-13 CVE-2005-2272 Apple Unspecified vulnerability in Apple Safari 2.0

Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6
2005-07-13 CVE-2005-2271 Alexander Clauss Remote Security vulnerability in Alexander Clauss Icab 2.9.8

iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6
2005-07-13 CVE-2005-2268 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6
2005-07-12 CVE-2005-2240 Xpvm Unspecified vulnerability in Xpvm 1.2.5

xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.

2.1
2005-07-12 CVE-2005-2238 IBM Denial-Of-Service vulnerability in IBM AIX 5.1/5.2/5.3

ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.

2.1
2005-07-12 CVE-2005-2231 High Availability Linux Project Unspecified vulnerability in High Availability Linux Project Heartbeat 1.2.3

High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-07-12 CVE-2005-2230 Elmo Unspecified vulnerability in Elmo

Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.

2.1
2005-07-11 CVE-2005-2180 GNU Local Security vulnerability in Gnats 4.0/4.1.0

gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.

2.1
2005-07-11 CVE-2005-2209 Capturix Cross-Site Scripting vulnerability in Capturix Scanshare 1.06Build50

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

1.9
2005-07-11 CVE-2005-2186 Mcafee Cross-Site Scripting vulnerability in IntruShield Security Management System

Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.

1.9