Weekly Vulnerabilities Reports > April 28 to May 4, 2008

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 9 vendors including Bitrix24, E107, Phpnuke, Torrentflux Project, and My123Tkshop. Vulnerabilities are notably categorized as "Use of Insufficiently Random Values", and "Open Redirect".

  • 2 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Bitrix24 has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-04-30 CVE-2008-2020 My123Tkshop
Phpmybittorrent
Webze
E107
Labgab
Phpnuke
Torrentflux Project
Opendb
Use of Insufficiently Random Values vulnerability in multiple products

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

7.5

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-05-02 CVE-2008-2052 Bitrix24 Open Redirect vulnerability in Bitrix24 Bitrix Site Manager 6.5

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

6.1

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS