Vulnerabilities

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-2663 | Unspecified vulnerability in IBM Egatherer 2.0.0.16 | The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder. | network | low complexity | ibm | 7.5 |
| 2004-12-31 | CVE-2004-2662 | Denial-Of-Service vulnerability in Soft3304 04Webserver 1.41 | Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources. | network | low complexity | soft3304 | 5.0 |
| 2004-12-31 | CVE-2004-2661 | Information Disclosure vulnerability in Soft3304 04Webserver 1.40 | Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code). | network | low complexity | soft3304 | 5.0 |
| 2004-12-31 | CVE-2004-2659 | Race Condition vulnerability in multiple products | Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. | network | high complexity | mozilla opera CWE-362 | 4.0 |
| 2004-12-31 | CVE-2004-2658 | Local Security vulnerability in Suse Linux 9.0 | resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. | local | low complexity | suse | 2.1 |
| 2004-12-31 | CVE-2004-2656 | Security vulnerability in Open Source Development Network Slashcode 2.2.5 | Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl. | | | | 4.3 |
| 2004-12-31 | CVE-2004-2655 | Local Password Disclosure vulnerability in Xscreensaver 4.14/4.16/4.17 | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | network | high complexity | xscreensaver | 5.4 |
| 2004-12-31 | CVE-2004-2654 | Denial-Of-Service vulnerability in Squid 2.5Stable5 | The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. | network | low complexity | squid | 5.0 |
| 2004-12-31 | CVE-2004-2653 | Remote Security vulnerability in Megabbs 2.0/2.1 | Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp. | network | low complexity | pd9-software | 7.5 |
| 2004-12-31 | CVE-2004-2652 | Remote Denial Of Service vulnerability in Snort DecodeTCPOptions | The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference. | network | low complexity | sourcefire | 7.8 |