Weekly Vulnerabilities Reports > November 19 to 25, 2007
Overview
2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 3 vendors including Fedoraproject, Wordpress, and Wonderware. Vulnerabilities are notably categorized as "Use of a Broken or Risky Cryptographic Algorithm", and "Incorrect Permission Assignment for Critical Resource".
- 2 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Fedoraproject has the most reported vulnerabilities, with 1 reported vulnerabilities.
- Fedoraproject has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-19 | CVE-2007-6013 | Wordpress Fedoraproject | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | 9.8 |
1 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-20 | CVE-2007-6033 | Wonderware | Incorrect Permission Assignment for Critical Resource vulnerability in Wonderware Intouch 8.0 Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | 8.8 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|