Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2757 | Cross-Site Scripting vulnerability in Novell Ichain 2.1/2.2 Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | 4.3 |
| 2004-12-31 | CVE-2004-2756 | Cross-Site Scripting vulnerability in Xoops Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | 4.3 |
| 2004-12-31 | CVE-2004-2755 | Cross-Site Scripting vulnerability in Symantec web Security 2.5/3.0/3.0.1 Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | 4.3 |
| 2004-12-31 | CVE-2004-2754 | SQL Injection vulnerability in Yabb SE SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 |
| 2004-12-31 | CVE-2004-2753 | Local Insecure File Access vulnerability in HP SharedX Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." | 5.6 |
| 2004-12-31 | CVE-2004-2752 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.726 Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | 4.3 |
| 2004-12-31 | CVE-2004-2751 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 |
| 2004-12-31 | CVE-2004-2750 | Path Traversal vulnerability in Jbrowser 1.0/2.0/2.1 Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2749 | Path Traversal vulnerability in 2Wire Homeportal Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. | 4.3 |
| 2004-12-31 | CVE-2004-2748 | Information Exposure vulnerability in Webtrends Reporting Center 6.1A viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | 4.3 |