Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2621 | Unspecified vulnerability in Nortel Contivity Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | 4.0 |
| 2004-12-31 | CVE-2004-2620 | Remote Security vulnerability in Paul L Daniels Ripmime 1.3.1.0 The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. | 5.0 |
| 2004-12-31 | CVE-2004-2619 | Unspecified vulnerability in Paul L Daniels Ripmime ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. | 7.5 |
| 2004-12-31 | CVE-2004-2618 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). network pegasi-web-server | 4.3 |
| 2004-12-31 | CVE-2004-2617 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2615 | Local Security vulnerability in Cutephp Cutenews 1.3.6 The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | 4.6 |
| 2004-12-31 | CVE-2004-2614 | Buffer Overflow vulnerability in Xuebrothers Myweb 3.3 Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | 7.5 |
| 2004-12-31 | CVE-2004-2613 | Remote Security vulnerability in Linux-VServer Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408. | 10.0 |
| 2004-12-31 | CVE-2004-2612 | Authentication Bypass vulnerability in BNC 2.9.0 BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | 7.5 |
| 2004-12-31 | CVE-2004-2611 | Denial-Of-Service vulnerability in Sophster The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | 4.6 |