Weekly Vulnerabilities Reports > October 10 to 16, 2005

Overview

68 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 62 products from 48 vendors including Microsoft, Oracle, Linux, Broadcom, and Avira. Vulnerabilities are notably categorized as "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Improper Input Validation".

  • 57 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 66 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Symantec Veritas has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-12 CVE-2005-2715 Symantec Veritas Remote Format String vulnerability in Symantec Veritas products

Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.

10.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-14 CVE-2005-3239 Clam Anti Virus Denial Of Service vulnerability in Clam Anti-Virus Clamav .

The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.

7.8
2005-10-14 CVE-2005-3201 Utopia Software SQL Injection vulnerability in Utopia News Pro

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.

7.5
2005-10-14 CVE-2005-3199 Aspready FAQ Manager SQL Injection vulnerability in AspReady FAQ Manager

Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters.

7.5
2005-10-14 CVE-2005-2967 Xine Remote CDDB Information Format String vulnerability in Xine-Lib

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

7.5
2005-10-14 CVE-2005-2661 UP Imapproxy Remote Format String vulnerability in Up-Imapproxy 1.2.3/1.2.4

Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.

7.5
2005-10-13 CVE-2005-3190 Broadcom Unspecified vulnerability in Broadcom Igateway 3.0/4.0

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.

7.5
2005-10-13 CVE-2005-3185 Curl
Libcurl
Wget
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

7.5
2005-10-13 CVE-2005-2943 Davide Libenzi Local Buffer Overflow vulnerability in XMail

Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.

7.5
2005-10-13 CVE-2005-2933 University OF Washington Buffer Overflow vulnerability in University Of Washington IMAP Mailbox Name

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

7.5
2005-10-13 CVE-2005-2963 MOD Auth Shadow Authentication Bypass vulnerability in Apache Mod_Auth_Shadow

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

7.5
2005-10-13 CVE-2005-1987 Microsoft Classic Buffer Overflow vulnerability in Microsoft products

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

7.5
2005-10-13 CVE-2005-1985 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.

7.5
2005-10-12 CVE-2005-1978 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

7.5
2005-10-14 CVE-2005-3197 Webroot Software Local vulnerability in Webroot Software Desktop Firewall 1.3.0.43

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.

7.2
2005-10-12 CVE-2005-2925 SGI Local Privilege Escalation vulnerability in SGI Irix 6.5.22

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

7.2

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-14 CVE-2005-3236 Cynox Input Validation vulnerability in Cynox Cyphor 0.19

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.

6.8
2005-10-14 CVE-2005-3208 Aenovo SQL Injection vulnerability in Aenovo Aenovo, Aenovoshop and Aenovowysi

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

6.8
2005-10-14 CVE-2005-3202 Oracle Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.

6.8
2005-10-13 CVE-2005-2120 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.

6.5
2005-10-14 CVE-2005-3235 Proland Security Bypass vulnerability in Proland Protector Plus 2000

Multiple interpretation error in unspecified versions of Proland Protector Plus 2000 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3234 Grisoft Security Bypass vulnerability in Avg Antivirus

Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3233 Trustix Security Bypass vulnerability in Antivirus

Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3232 Thehacker Security Bypass vulnerability in Thehacker

Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3231 CAT Security Bypass vulnerability in Quick Heal

Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3230 Panda Security Bypass vulnerability in Panda Antivirus

Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3229 Clam Anti Virus Security Bypass vulnerability in ClamAV Antivirus

Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3228 Ikarus Security Bypass vulnerability in Ikarus Antivirus

Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3227 UNA Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
5.1
2005-10-14 CVE-2005-3226 Arcavir Security Bypass vulnerability in Arcavir Antivirus

Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3225 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus and Etrust Antivirus Iris Engine

Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3224 Avira Security Bypass vulnerability in AntiVir Personal

Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3223 Rising Security Bypass vulnerability in Rising Antivirus

Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3222 Vba32 Security Bypass vulnerability in Vba32 Antivirus

Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3221 Fortinet Security Bypass vulnerability in Fortinet Antivirus

Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3220 Norman Security Bypass vulnerability in Virus Control Antivirus

Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3219 Avira Security Bypass vulnerability in AntiVir Personal

Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3218 DR WEB Security Bypass vulnerability in Dr.Web Antivirus

Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3217 Symantec Unspecified vulnerability in Symantec Antivirus Scan Engine

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3216 Sophos Security Bypass vulnerability in Sophos Anti-Virus

Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3215 Mcafee Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
5.1
2005-10-14 CVE-2005-3214 Alwil Security Bypass vulnerability in Avast Antivirus

Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3213 Frisk Software Security Bypass vulnerability in F-Prot Antivirus

Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3212 Eset Software Security Bypass vulnerability in NOD32 Antivirus

Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3211 Softwin Security Bypass vulnerability in Bitdefender Antivirus

Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3210 Kaspersky LAB Security Bypass vulnerability in Kaspersky Anti-Virus

Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

5.1
2005-10-14 CVE-2005-3194 Estsoft Archive Formats File Name Buffer Overflow vulnerability in Estsoft Alzip 5.52English/6.12Korean/6.1International

Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.

5.1
2005-10-14 CVE-2005-3207 Oracle Remote Denial Of Service vulnerability in Oracle Forms Servlet TLS Listener

The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.

5.0
2005-10-14 CVE-2005-3206 Oracle Remote Denial Of Service vulnerability in Oracle Database Server 9.0.2.4

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

5.0
2005-10-12 CVE-2005-3180 Linux Remote Information Disclosure vulnerability in Linux Orinoco Driver

The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.

5.0
2005-10-12 CVE-2005-2128 Microsoft Buffer Overflow vulnerability in Microsoft Windows Media Player 9

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.

5.0
2005-10-12 CVE-2005-2119 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.

5.0
2005-10-12 CVE-2005-1980 Microsoft Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."

5.0
2005-10-12 CVE-2005-1979 Microsoft Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.

5.0
2005-10-14 CVE-2005-3209 Aenovo Local Security vulnerability in Aenovo Aenovo, Aenovoshop and Aenovowysi

Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.

4.6
2005-10-14 CVE-2005-3203 Oracle Unspecified vulnerability in Oracle Html DB 1.3/1.3.6

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.

4.6
2005-10-14 CVE-2005-3198 Webroot Software Local vulnerability in Webroot Software Desktop Firewall

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.

4.6
2005-10-14 CVE-2005-3196 Planet Technology Corp Unspecified vulnerability in Planet Technology Corp Fgsw2402Rs 1.2Firmware

Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.

4.6
2005-10-14 CVE-2005-3237 Cynox Input Validation vulnerability in Cyphor

Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php.

4.3
2005-10-14 CVE-2005-3204 Oracle Cross-Site Scripting vulnerability in Oracle Application Server and Oracle9I

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

4.3
2005-10-14 CVE-2005-3200 Utopia Software Cross-Site Scripting vulnerability in Utopia Software Utopia News PRO 1.1.3/1.1.4

Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.

4.3
2005-10-12 CVE-2005-3183 W3C Improper Input Validation vulnerability in W3C Libwww

The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-14 CVE-2005-3205 Oracle Cross-Site Scripting vulnerability in Oracle Database Server 9.0.2.4

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.

3.5
2005-10-14 CVE-2005-3238 SUN Denial-Of-Service vulnerability in Sun Solaris

Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.

2.1
2005-10-13 CVE-2005-2992 ARC Unspecified vulnerability in ARC

arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.

2.1
2005-10-12 CVE-2005-3181 Linux Resource Management Errors vulnerability in Linux Kernel

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

2.1
2005-10-12 CVE-2005-3179 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.

2.1
2005-10-12 CVE-2005-3119 Linux Resource Management Errors vulnerability in Linux Kernel

Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.

2.1