Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2674 | Multiple vulnerability in ArGoSoft FTP Server Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument. | 6.8 |
| 2004-12-31 | CVE-2004-2673 | Multiple vulnerability in ArGoSoft FTP Server Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument. | 9.0 |
| 2004-12-31 | CVE-2004-2672 | Remote Security vulnerability in Argosoft FTP Server 1.4.2 Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors. | 7.5 |
| 2004-12-31 | CVE-2004-2671 | Path Disclosure vulnerability in Endonesia 8.3 mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. | 5.0 |
| 2004-12-31 | CVE-2004-2670 | Cross-Site Scripting vulnerability in Endonesia 8.3 Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module. network endonesia | 6.8 |
| 2004-12-31 | CVE-2004-2669 | Remote SQL Injection vulnerability in Neocrome Land Down Under 701 Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php. | 7.5 |
| 2004-12-31 | CVE-2004-2668 | SQL-Injection vulnerability in Interchange SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2004-12-31 | CVE-2004-2667 | Cross-Site Scripting vulnerability in Lotus Domino Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network ibm | 6.8 |
| 2004-12-31 | CVE-2004-2666 | Information Disclosure vulnerability in Mantis Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | 5.0 |
| 2004-12-31 | CVE-2004-2665 | Denial-Of-Service vulnerability in HP Hp-Ux 11.00/11.11/11.4 Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors. | 4.9 |