Weekly Vulnerabilities Reports > August 8 to 14, 2005
Overview
27 new vulnerabilities were reported during this period, including 1 critical vulnerability and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 24 products from 14 vendors including Microsoft, Flatnuke, Gnome, Comdev, and Linux. Vulnerabilities are notably categorized as and "Resource Management Errors".
- 24 reported vulnerabilities are remotely exploitable.
- 27 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-10 | CVE-2005-1983 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm. | 10.0 |
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-12 | CVE-2005-2552 | HP | Remote Access vulnerability in HP Proliant DL585 Server Unauthorized Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." | 7.5 |
2005-08-12 | CVE-2005-2551 | Novell | Buffer Overflow vulnerability in Novell Edirectory 8.7.3 Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. | 7.5 |
2005-08-12 | CVE-2005-2550 | Gnome | Format String vulnerability in GNOME Evolution Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. | 7.5 |
2005-08-12 | CVE-2005-2549 | Gnome | Format String vulnerability in GNOME Evolution Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. | 7.5 |
2005-08-12 | CVE-2005-2547 | Bluez Project | Unspecified vulnerability in Bluez Project Bluez 2.18 security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. | 7.5 |
2005-08-10 | CVE-2005-2536 | Pstotext | Unspecified vulnerability in Pstotext pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file. | 7.5 |
2005-08-10 | CVE-2005-2535 | Broadcom | Unspecified vulnerability in Broadcom products Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260. | 7.5 |
2005-08-10 | CVE-2005-1989 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". | 7.5 |
2005-08-10 | CVE-2005-1984 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message. | 7.5 |
2005-08-10 | CVE-2005-0058 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows Telephony Service Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message. | 7.5 |
13 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-10 | CVE-2005-1990 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087. | 5.1 |
2005-08-10 | CVE-2005-1988 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | 5.1 |
2005-08-12 | CVE-2005-2548 | Linux | Resource Management Errors vulnerability in Linux Kernel 2.6.8 vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. | 5.0 |
2005-08-10 | CVE-2005-2546 | Arab Portal | Information Disclosure vulnerability in Arab Portal Arab Portal 2.0 Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called. | 5.0 |
2005-08-10 | CVE-2005-2544 | Comdev | Remote File Include vulnerability in Comdev Ecommerce 3.0 PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. | 5.0 |
2005-08-10 | CVE-2005-2543 | Comdev | Directory Traversal vulnerability in Comdev Ecommerce 3.0 Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. | 5.0 |
2005-08-10 | CVE-2005-2542 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Attached File Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | 5.0 |
2005-08-10 | CVE-2005-2540 | Flatnuke | Unspecified vulnerability in Flatnuke 2.5.5 CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request. | 5.0 |
2005-08-10 | CVE-2005-2538 | Flatnuke | Denial-Of-Service vulnerability in Flatnuke 2.5.5 FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | 5.0 |
2005-08-10 | CVE-2005-2537 | Flatnuke | Information Disclosure vulnerability in Flatnuke 2.5.5 FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | 5.0 |
2005-08-10 | CVE-2005-1218 | Microsoft | Remote Desktop Protocol Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests. | 5.0 |
2005-08-10 | CVE-2005-2545 | Phpopenchat | HTML Injection vulnerability in PHPopenchat 3.0.2 Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. | 4.3 |
2005-08-10 | CVE-2005-2539 | Flatnuke | Cross-Site Scripting vulnerability in Flatnuke 2.5.5 Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-08-10 | CVE-2005-1982 | Microsoft | Man In The Middle vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. | 3.6 |
2005-08-12 | CVE-2005-2554 | Network Associates | Local Information Disclosure vulnerability in Network Associates Epolicy Orchestrator Agent 3.5.0(Patch3) The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. | 2.1 |
2005-08-10 | CVE-2005-1981 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2003 Server Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. | 2.1 |