Weekly Vulnerabilities Reports > November 6 to 12, 2006

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Canonical, Openldap, and Freewebshop. Vulnerabilities are notably categorized as "Reachable Assertion", and "Cross-site Scripting".

2 reported vulnerabilities are remotely exploitables.
1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
2 reported vulnerabilities are exploitable by an anonymous user.
Canonical has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

REMOTELY
EXPLOITABLE

LOCALLY
EXPLOITABLE

EXPLOIT
AVAILABLE

EXPLOITABLE
ANONYMOUSLY

AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

1 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2006-11-07	CVE-2006-5779	Openldap Canonical	Reachable Assertion vulnerability in multiple products OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.	7.5

Expand/Hide

1 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2006-11-10	CVE-2006-5847	Freewebshop	Cross-site Scripting vulnerability in Freewebshop Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.	6.1

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS