Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2695 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter.
7.5
2004-12-31 CVE-2004-2694 Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
network
microsoft CWE-264
5.8
2004-12-31 CVE-2004-2693 Permissions, Privileges, and Access Controls vulnerability in HP HP-UX 11.00/11.04/11.11
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed use insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
local
low complexity
hp CWE-264
7.2
2004-12-31 CVE-2004-2692 Permissions, Privileges, and Access Controls vulnerability in Kyberdigi Labs PHP-Exec-Dir
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
network
kyberdigi-labs CWE-264
critical
9.3
2004-12-31 CVE-2004-2691 Denial-Of-Service vulnerability in 3Com 3C17205-US, 3C17210-US and SuperStack 3 Switch
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface.
network
3com
7.1
2004-12-31 CVE-2004-2690 File-Upload vulnerability in NewsPHP
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
network
newsphp
8.5
2004-12-31 CVE-2004-2689 Permissions, Privileges, and Access Controls vulnerability in NewsPHP
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
network
low complexity
newsphp CWE-264
critical
10.0
2004-12-31 CVE-2004-2688 Cross-Site Scripting vulnerability in NewsPHP
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
network
newsphp CWE-79
4.3
2004-12-31 CVE-2004-2687 Configuration vulnerability in multiple products
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
network
apple samba CWE-16
critical
9.3
2004-12-31 CVE-2004-2686 Path Traversal vulnerability in Sun Solaris and SunOS
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls.
local
low complexity
sun CWE-22
7.2