Weekly Vulnerabilities Reports > November 23 to 29, 2009

Overview

2 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary reports vulnerabilities in 2 products from 2 vendors, including Dovecot and Home FTP Server Project. Vulnerabilities are notably categorized as "Incorrect Permission Assignment for Critical Resource" and "Path Traversal".

  • 1 reported vulnerability is remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • Dovecot has the most reported vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

0 Critical Vulnerabilities


0 High Vulnerabilities


2 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2009-11-23 | CVE-2009-4053 | Home FTP Server Project | Path Traversal vulnerability in Home FTP Server Project Home FTP Server 1.10.1.139 | 6.5

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.

2009-11-24 | CVE-2009-3897 | Dovecot | Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot | 5.5

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.

0 Low Vulnerabilities
