Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2610 Local Security vulnerability in Mntd
mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file.
local
low complexity
stefan-bambach
4.6
2004-12-31 CVE-2004-2609 Unspecified vulnerability in Symantec Powerquest Deploycenter 5.5
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
local
low complexity
symantec
2.1
2004-12-31 CVE-2004-2608 Permissions, Privileges, and Access Controls vulnerability in Smartwebby Smart Guest Book 2
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.
network
low complexity
smartwebby CWE-264
5.0
2004-12-31 CVE-2004-2607 Unspecified vulnerability in Linux Kernel
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
local
low complexity
linux
2.1
2004-12-31 CVE-2004-2606 Remote Administration Service Weakness in Linksys WRT54G Router World Accessible
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to log in to an administration web page, even when the configuration specifies that remote administration is disabled.
network
low complexity
linksys
7.5
2004-12-31 CVE-2004-2605 Local Insecure Temporary File Creation vulnerability in Astats 1.6.5
aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
local
low complexity
astats
2.1
2004-12-31 CVE-2004-2604 Cross-Site Scripting vulnerability in PHProxy 0.1/0.2/0.3
Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.
network
phproxy
4.3
2004-12-31 CVE-2004-2603 Remote vulnerability in Help Center Live
Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.
network
ubertec
4.3
2004-12-31 CVE-2004-2602 Remote vulnerability in Help Center Live
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
network
ubertec
6.8
2004-12-31 CVE-2004-2601 Remote Security vulnerability in Ubertec Help Center Live 1.2.6
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
network
low complexity
ubertec
6.4