Weekly Vulnerabilities Reports > September 5 to 11, 2005
Overview
59 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 48 products from 48 vendors including Barracuda Networks, Flatnuke, Linux, Openbsd, and Squid. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Incorrect Comparison", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Improper Input Validation".
- 48 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 59 reported vulnerabilities are exploitable by an anonymous user.
- Barracuda Networks has the most reported vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-09-09 | CVE-2005-2871 | Mozilla | Remote Buffer Overflow vulnerability in Mozilla/Netscape/Firefox Browsers Domain Name Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | 7.5 |
2005-09-08 | CVE-2005-2870 | SUN | Remote Security vulnerability in SUN Solaris 10.0 Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | 7.5 |
2005-09-08 | CVE-2005-2867 | Bluewhalecrm | SQL Injection vulnerability in BlueWhaleCRM AccountID SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | 7.5 |
2005-09-08 | CVE-2005-2865 | Amember | Remote Security vulnerability in Amember 2.3.4 Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | 7.5 |
2005-09-08 | CVE-2005-2862 | Road Runner | Remote Security vulnerability in Road Runner Adsl Road Runner Modem Annexa ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. | 7.5 |
2005-09-08 | CVE-2005-2857 | Softstack | Remote Security vulnerability in Softstack Free Smtp Server 2.2 Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy). | 7.5 |
2005-09-08 | CVE-2005-2856 | Winace | Buffer Errors vulnerability in Winace 2.6.0.0 Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive. | 7.5 |
2005-09-08 | CVE-2005-2847 | Barracuda Networks | Remote Command Execution vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17 img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | 7.5 |
2005-09-08 | CVE-2005-2844 | Indiatimes Messenger | Remote Buffer Overflow vulnerability in Indiatimes Messenger Indiatimes Messenger 6.0 Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. | 7.5 |
2005-09-08 | CVE-2005-2843 | Helpdesk Software | Authentication Bypass vulnerability in Helpdesk Software Hesk 0.92 Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php. | 7.5 |
2005-09-08 | CVE-2005-2842 | Dameware Development | Buffer Overflow vulnerability in DameWare Mini Remote Control Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username. | 7.5 |
2005-09-08 | CVE-2005-2841 | Cisco | Denial-Of-Service vulnerability in IOS Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. | 7.5 |
2005-09-07 | CVE-2005-2838 | Mywebland | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.2/2.1.3Beta SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2005-09-07 | CVE-2005-2819 | Eric Fichot | Permissions, Privileges, and Access Controls vulnerability in Eric Fichot Downfile 1.3 DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. | 7.5 |
2005-09-07 | CVE-2005-2812 | Man2Web | Scripts Command Execution vulnerability in Man2Web 0.87/0.88 man2web allows remote attackers to execute arbitrary commands via -P arguments. | 7.5 |
2005-09-07 | CVE-2005-2808 | Frox | Security Bypass vulnerability in Frox 0.7.16/0.7.17 frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts. | 7.5 |
2005-09-06 | CVE-2005-2763 | Openttd | Unspecified vulnerability in Openttd Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 7.5 |
2005-09-06 | CVE-2005-2801 | Linux | Incorrect Comparison vulnerability in Linux Kernel 2.6.0 xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | 7.5 |
2005-09-07 | CVE-2005-2810 | Urban | Local Security vulnerability in Urban Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc. | 7.2 |
2005-09-07 | CVE-2005-2807 | Frox | Unspecified vulnerability in Frox 0.7.18 frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option. | 7.2 |
2005-09-06 | CVE-2005-2494 | KDE | Local Privilege Escalation vulnerability in KDE kcheckpass kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | 7.2 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-09-08 | CVE-2005-2849 | Barracuda Networks | Remote Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17 Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | 6.4 |
2005-09-07 | CVE-2005-2815 | Flatnuke | Denial-Of-Service vulnerability in Flatnuke 2.5.6 print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | 6.4 |
2005-09-08 | CVE-2005-2854 | Thesitewizard COM | Unspecified vulnerability in Thesitewizard.Com Chfeedback.Pl Feedback Form Perl Script 2.0.1 CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. | 5.0 |
2005-09-08 | CVE-2005-2852 | Novell | Denial-Of-Service vulnerability in Novell Netware 5.1/6.0/6.5 Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm. | 5.0 |
2005-09-08 | CVE-2005-2850 | Whitsoft Development | Denial-Of-Service vulnerability in Whitsoft Development Slimftpd 3.17 SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error. | 5.0 |
2005-09-08 | CVE-2005-2848 | Barracuda Networks | Remote Directory Traversal vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.16/3.1.17 Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-09-08 | CVE-2005-2845 | Ariba | Information Disclosure vulnerability in Ariba Spend Management Solutions Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-09-08 | CVE-2005-2020 | 3Com | Unspecified vulnerability in 3Com 3C15100D 5.0.2 Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | 5.0 |
2005-09-07 | CVE-2005-2817 | Simple Machines | Information Disclosure vulnerability in Simple Machines Simple Machines Forum 1.0.5 Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | 5.0 |
2005-09-07 | CVE-2005-2813 | Flatnuke | Directory Traversal vulnerability in Flatnuke 2.5.6 Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php. | 5.0 |
2005-09-07 | CVE-2005-2796 | Squid | Remote Denial Of Service vulnerability in Squid Proxy SSLConnectTimeout The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | 5.0 |
2005-09-07 | CVE-2005-2794 | Squid | Remote Denial Of Service vulnerability in Squid Proxy Aborted Requests store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | 5.0 |
2005-09-06 | CVE-2005-2806 | Trevor Hogan | Improper Input Validation vulnerability in Trevor Hogan Bnbt 7.5Betarelease2/7.5Betarelease3/7.720041027R3 client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value. | 5.0 |
2005-09-06 | CVE-2005-2805 | E107 | Unspecified vulnerability in E107 0.603/0.616/0.617 forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | 5.0 |
2005-09-06 | CVE-2005-2798 | Openbsd | Unspecified vulnerability in Openbsd Openssh sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | 5.0 |
2005-09-06 | CVE-2005-2797 | Openbsd | Unspecified vulnerability in Openbsd Openssh 4.0 OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | 5.0 |
2005-09-08 | CVE-2005-2866 | Mercora | Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | 4.6 |
2005-09-08 | CVE-2005-2859 | Savant | Local Security vulnerability in Savant Webserver 3.1 Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. | 4.6 |
2005-09-07 | CVE-2005-2811 | NET Snmp | Local Security vulnerability in Net-SNMP Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. | 4.6 |
2005-09-08 | CVE-2005-2869 | Phpmyadmin | Unspecified vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | 4.3 |
2005-09-08 | CVE-2005-2863 | Open Webmail | Cross-Site Scripting vulnerability in Open Webmail Open Webmail 2.41 Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | 4.3 |
2005-09-08 | CVE-2005-2861 | N Stalker | HTML Injection vulnerability in N-Stalker N-Stealth Commercial5.8/Free5.8 Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | 4.3 |
2005-09-08 | CVE-2005-2860 | Nikto | HTML Injection vulnerability in Multiple Vendor Web Vulnerability Scanners Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | 4.3 |
2005-09-08 | CVE-2005-2855 | Unclassified Newsboard | HTML Injection vulnerability in Unclassified Newsboard Unclassified Newsboard 1.5.3 Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. | 4.3 |
2005-09-08 | CVE-2005-2853 | Guppy | HTML Injection vulnerability in Guppy 4.5/4.5.3/4.5.3A Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php. | 4.3 |
2005-09-07 | CVE-2005-2839 | Maxdev | Cross-Site Scripting vulnerability in Maxdev Md-Pro 1.0.72 Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. | 4.3 |
2005-09-07 | CVE-2005-2836 | Phorum | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. | 4.3 |
2005-09-07 | CVE-2005-2820 | Inter7 | Unspecified vulnerability in Inter7 Sqwebmail 5.0.4 Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". | 4.3 |
2005-09-07 | CVE-2005-2818 | Eric Fichot | Cross-Site Scripting vulnerability in Eric Fichot Downfile 1.3 Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php, (2) index.php, (3) del.php, or (4) add_form.php. | 4.3 |
2005-09-07 | CVE-2005-2816 | Greymatter | Cross-Site Scripting vulnerability in Greymatter Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. | 4.3 |
2005-09-07 | CVE-2005-2814 | Flatnuke | Cross-Site Scripting vulnerability in Flatnuke 2.5.6 Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. | 4.3 |
2005-09-06 | CVE-2005-2803 | Hiki | Cross-Site Scripting vulnerability in Hiki 0.8.0/0.8.1/0.8.2 Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336. | 4.3 |
2005-09-06 | CVE-2005-2336 | Hiki | Cross-Site Scripting vulnerability in Hiki 0.8.0/0.8.1/0.8.2 Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-09-09 | CVE-2005-2873 | Linux | Remote Denial of Service vulnerability in Linux Kernel Netfilter Ipt_recent The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872. | 2.1 |
2005-09-08 | CVE-2005-2864 | Urban | Local Security vulnerability in Urban URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. | 2.1 |
2005-09-08 | CVE-2005-2851 | Smb4K | Unspecified vulnerability in Smb4K 0.4/0.5/0.6 smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files. | 2.1 |
2005-09-07 | CVE-2005-2809 | Silc | Unspecified vulnerability in Silc Secure Internet Live Conferencing silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file. | 2.1 |
2005-09-06 | CVE-2005-2656 | Polygen | Local Denial of Service vulnerability in Polygen 1.0.6 Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | 2.1 |