Weekly Vulnerabilities Reports > October 24 to 30, 2005
Overview
81 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 74 products from 63 vendors including Apple, Mantis, Techno Dreams, Flatnuke, and Suse. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Resource Management Errors", and "Numeric Errors".
- 67 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 80 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Skype Technologies has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-10-27 | CVE-2005-3267 | Skype Technologies | Numeric Errors vulnerability in Skype Technologies Skype Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow. | 10.0 |
2005-10-27 | CVE-2005-3265 | Skype Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine. | 9.3 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-10-30 | CVE-2005-3315 | Novell | SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.0.0.52 Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp. | 7.5 |
2005-10-30 | CVE-2005-3386 | Techno Dreams | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3385 | Techno Dreams | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3384 | Techno Dreams | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3383 | Techno Dreams | Scripts Multiple SQL Injection vulnerability in Techno Dreams SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | 7.5 |
2005-10-30 | CVE-2005-3369 | Woltlab | SQL Injection vulnerability in Woltlab Info-DB Info_db.PHP Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. | 7.5 |
2005-10-30 | CVE-2005-3365 | Codeworx Technologies | SQL Injection vulnerability in Codeworx Technologies Dcp-Portal Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. | 7.5 |
2005-10-30 | CVE-2005-3364 | Platinum | SQL Injection vulnerability in Platinum DBoardGear Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php. | 7.5 |
2005-10-30 | CVE-2005-3363 | Saphp | Input Validation vulnerability in Saphp Saphplesson 1.1/2.0 SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php. | 7.5 |
2005-10-27 | CVE-2005-3336 | Mantis | Remote vulnerability in Mantis 0.19.2/1.0.0Rc2 SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-10-27 | CVE-2005-3335 | Mantis | Unspecified vulnerability in Mantis 0.19.2/1.0.0Rc2 PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | 7.5 |
2005-10-27 | CVE-2005-3333 | Ebase | SQL Injection vulnerability in Ebase Ebaseweb 3.0 SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-10-27 | CVE-2005-3332 | Belchior Foundry | Remote File Include vulnerability in Belchior Foundry Vcard 2.9 PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. | 7.5 |
2005-10-27 | CVE-2005-3330 | Snoopy | Improper Input Validation vulnerability in Snoopy 1.2 The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | 7.5 |
2005-10-27 | CVE-2005-3328 | Punbb | Unspecified vulnerability in Punbb PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | 7.5 |
2005-10-27 | CVE-2005-3327 | Network Appliance | Authentication Bypass vulnerability in Network Appliance iSCSI Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. | 7.5 |
2005-10-27 | CVE-2005-3326 | Mybulletinboard | SQL Injection vulnerability in MyBulletinBoard Usercp.PHP SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | 7.5 |
2005-10-27 | CVE-2005-3325 | Acid Secureideas | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | 7.5 |
2005-10-27 | CVE-2005-3324 | Appindex | SQL Injection vulnerability in Appindex Mwchat 6.8 SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2005-10-27 | CVE-2005-3323 | Zope Debian | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | 7.5 |
2005-10-27 | CVE-2005-3317 | Zipgenius | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipgenius Standard5.5.1.468/Suite5.5.1.468 Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll. | 7.5 |
2005-10-27 | CVE-2005-3316 | Symantec | Unspecified vulnerability in Symantec Discovery and ON Command Discovery The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | 7.5 |
2005-10-26 | CVE-2005-3309 | Zomplog | SQL-Injection vulnerability in Zomplog 3.4 Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php. | 7.5 |
2005-10-26 | CVE-2005-3305 | Nuked Klan | SQL Injection vulnerability in Nuked-Klan 1.7 Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file. | 7.5 |
2005-10-26 | CVE-2005-3304 | Francisco Burzi | Modules SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | 7.5 |
2005-10-26 | CVE-2005-2743 | Apple | Unspecified vulnerability in Apple mac OS X, mac OS X Server and Quicktime The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | 7.5 |
2005-10-25 | CVE-2005-2747 | Apple | Multiple vulnerability in Apple Mac OS X Security Update 2005-008 Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. | 7.5 |
2005-10-25 | CVE-2005-2958 | Gnome | Format String vulnerability in LibGDA Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | 7.5 |
2005-10-27 | CVE-2005-3339 | Mantis | Remote vulnerability in Mantis Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. | 7.2 |
2005-10-26 | CVE-2005-2741 | Apple Perry Kiehtreiber | Permissions, Privileges, and Access Controls vulnerability in multiple products Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | 7.2 |
2005-10-25 | CVE-2005-2927 | SCO | Local Buffer Overflow vulnerability in SCO Unixware 7.1.3/7.1.4 Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command. | 7.2 |
39 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-10-30 | CVE-2005-3366 | PHP Icalendar | Remote File Include vulnerability in PHP ICalendar Default_View PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. | 6.8 |
2005-10-30 | CVE-2005-3379 | Trend Micro | Unspecified vulnerability in Trend Micro Officescan and Pc-Cillin 2005 Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3378 | Norman | Unspecified vulnerability in Norman Virus Control 5.81Engine5.83.02 Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3377 | Mcafee | Unspecified vulnerability in Mcafee Internet Security Suite 7.1.5Version9.1.08Engine4.4.00/8.0.0Patch10Engine4400 Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3376 | Kaspersky LAB | Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0.372 Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3375 | Ikarus | Unspecified vulnerability in Ikarus Antivirus Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3374 | Frisk Software | Unspecified vulnerability in Frisk Software F-Prot Antivirus 3.16C Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3373 | DR WEB | Unspecified vulnerability in Dr.Web Antivirus 4.32B Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3372 | Broadcom | Unspecified vulnerability in Broadcom Etrust Antivirus 7.0.1.4 Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3371 | Grisoft | Unspecified vulnerability in Grisoft AVG Antivirus 7.0.323 Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-30 | CVE-2005-3370 | Arcavir | Unspecified vulnerability in Arcavir 2005 20050621 Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.1 |
2005-10-28 | CVE-2005-2930 | JED Wing | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in JED Wing CHM LIB Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318. | 5.1 |
2005-10-27 | CVE-2005-3318 | JED Wing | Stack Buffer Overflow vulnerability in Jed Wing CHM Lib Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930. | 5.1 |
2005-10-25 | CVE-2005-2744 | Apple | Multiple vulnerability in Apple Mac OS X Security Update 2005-008 Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. | 5.1 |
2005-10-30 | CVE-2005-3123 | GNU | Directory Traversal vulnerability in GNU gnump3d Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | 5.0 |
2005-10-30 | CVE-2005-3382 | Sophos | Unspecified vulnerability in Sophos Anti-Virus 3.91Engine2.28.4 Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.0 |
2005-10-30 | CVE-2005-3381 | Ukranian National Antivirus | Unspecified vulnerability in Ukranian National Antivirus UNA 1.83.2.16 Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.0 |
2005-10-30 | CVE-2005-3380 | Panda | Unspecified vulnerability in Panda Titanium 2005 4.02.01 Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.0 |
2005-10-27 | CVE-2005-3338 | Mantis | Remote vulnerability in Mantis Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users. | 5.0 |
2005-10-27 | CVE-2005-3322 | Squid Suse | Denial of Service vulnerability in SUSE Linux Squid Proxy SSL Handling Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL). | 5.0 |
2005-10-26 | CVE-2005-3307 | Flatnuke | Remote File Include vulnerability in FlatNuke Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation. | 5.0 |
2005-10-26 | CVE-2005-2746 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | 5.0 |
2005-10-26 | CVE-2005-2745 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | 5.0 |
2005-10-26 | CVE-2005-2524 | Apple | Unspecified vulnerability in Apple mac OS X, mac OS X Server and Safari Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | 5.0 |
2005-10-27 | CVE-2005-3321 | Novell Suse | chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. | 4.6 |
2005-10-26 | CVE-2005-2742 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | 4.6 |
2005-10-25 | CVE-2005-2959 | Todd Miller | Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. | 4.6 |
2005-10-25 | CVE-2005-2926 | SCO | Local Buffer Overflow vulnerability in SCO OpenServer Backupsh Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable. | 4.6 |
2005-10-30 | CVE-2005-3368 | Search Enhanced | HTML Injection vulnerability in Search Enhanced Search Enhanced 1.1/2.0 Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2005-10-30 | CVE-2005-3367 | Sparkleblog | HTML Injection vulnerability in Sparkleblog 2.1 Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field. | 4.3 |
2005-10-28 | CVE-2005-3361 | Flatnuke | Unspecified vulnerability in Flatnuke 2.5.6 Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306. | 4.3 |
2005-10-27 | CVE-2005-3337 | Mantis | Cross-Site Scripting vulnerability in Mantis Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php. | 4.3 |
2005-10-27 | CVE-2005-3334 | Flyspray | Cross-Site Scripting vulnerability in Flyspray 0.9.7/0.9.8 Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. | 4.3 |
2005-10-27 | CVE-2005-3329 | RSA | Cross-Site Scripting vulnerability in RSA ACE Agent Image Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. | 4.3 |
2005-10-27 | CVE-2005-2338 | Xoops | HTML Injection vulnerability in XOOPS Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. | 4.3 |
2005-10-26 | CVE-2005-3312 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. | 4.3 |
2005-10-26 | CVE-2005-3308 | Zomplog | HTML Injection vulnerability in Zomplog 3.3/3.4 Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php. | 4.3 |
2005-10-26 | CVE-2005-3306 | Flatnuke | Unspecified vulnerability in Flatnuke 2.5.6 Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. | 4.3 |
2005-10-24 | CVE-2005-3301 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-10-26 | CVE-2005-3310 | Phpbb Group | HTML Injection vulnerability in PHPbb Group PHPbb 2.0.17 Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. | 3.5 |
2005-10-27 | CVE-2005-3320 | Siteturn | Cross-Site Scripting vulnerability in SiteTurn Domain Manager Pro Admin Panel Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script. | 2.6 |
2005-10-27 | CVE-2005-3331 | Rogers Software Source | Unspecified vulnerability in Rogers Software Source Mgdiff Patch Viewer 1.0 viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-10-27 | CVE-2005-3319 | PHP | Local Denial of Service vulnerability in PHP Apache 2 The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost. | 2.1 |
2005-10-27 | CVE-2005-3088 | Fetchmail | Information Exposure vulnerability in Fetchmail 6.2.0/6.2.5/6.2.5.2 fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords. | 2.1 |
2005-10-26 | CVE-2005-3311 | BMC | Unspecified vulnerability in BMC Software Control-M Agent 6.1.03 BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-10-25 | CVE-2005-2748 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. | 2.1 |
2005-10-25 | CVE-2005-2708 | Linux | Resource Management Errors vulnerability in Linux Kernel The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. | 2.1 |
2005-10-25 | CVE-2005-2100 | Redhat | Denial-Of-Service vulnerability in Enterprise Linux ES The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash). | 2.1 |