Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2748 | Information Exposure vulnerability in Webtrends Reporting Center 6.1A viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | 4.3 |
| 2004-12-31 | CVE-2004-2747 | Path Traversal vulnerability in Pablo Software Solutions Quick N Easy FTP Server 1.77 Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. | 4.0 |
| 2004-12-31 | CVE-2004-2746 | SQL Injection vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
| 2004-12-31 | CVE-2004-2745 | Path Traversal vulnerability in Anteco Visual Technologies Ownserver Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2004-12-31 | CVE-2004-2744 | Remote Security vulnerability in Mailing List Manager Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | 5.0 |
| 2004-12-31 | CVE-2004-2743 | Permissions, Privileges, and Access Controls vulnerability in Raditha Dissanayake Mega Upload Progress BAR upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | 6.4 |
| 2004-12-31 | CVE-2004-2742 | Cross-Site Scripting vulnerability in Businessobjects Crystal Enterprise 10/8.5/9 Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. | 4.3 |
| 2004-12-31 | CVE-2004-2741 | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | 4.3 |
| 2004-12-31 | CVE-2004-2740 | Code Injection vulnerability in PHProjekt PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter. | 4.3 |
| 2004-12-31 | CVE-2004-2739 | Permissions, Privileges, and Access Controls vulnerability in PHProjekt The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors. | 7.5 |