Weekly Vulnerabilities Reports > June 22 to 28, 2009
Overview
3 new vulnerabilities were reported during this period, including 1 critical vulnerability and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 4 products from 3 vendors, including Citrix, Egyplus, and Torrenttrader Project. The vulnerabilities are notably categorized as "Use of Insufficiently Random Values", "Incorrect Authorization", and "Improper Authentication".
- 3 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Citrix has the most reported vulnerabilities, with 1 reported vulnerability.
- Egyplus has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-22 | CVE-2009-2168 | Egyplus | Improper Authentication vulnerability in Egyplus 7Ammel 1.0.1: cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters. | 9.8 |
1 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-22 | CVE-2009-2158 | Torrenttrader Project | Use of Insufficiently Random Values vulnerability in Torrenttrader Project Torrenttrader 1.09: account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | 7.5 |
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-06-25 | CVE-2009-2213 | Citrix | Incorrect Authorization vulnerability in Citrix products: the default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | 6.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|