Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2580 | Remote vulnerability in Novell Ichain 2.3 Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. network novell | 5.8 |
| 2004-12-31 | CVE-2004-2579 | Remote vulnerability in Novell Ichain 2.3 ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | 7.5 |
| 2004-12-31 | CVE-2004-2578 | Information Disclosure vulnerability in PHPGroupWare Plaintext Cookie Authentication Credentials phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | 5.0 |
| 2004-12-31 | CVE-2004-2577 | Unspecified vulnerability in PHPgroupware 0.9.16Rc1/0.9.16Rc2 The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts. | 5.0 |
| 2004-12-31 | CVE-2004-2576 | Information Disclosure vulnerability in PHPgroupware 0.9.16.000 class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | 5.0 |
| 2004-12-31 | CVE-2004-2575 | Information Disclosure vulnerability in Phpgroupware phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message. | 5.0 |
| 2004-12-31 | CVE-2004-2574 | HTML Injection vulnerability in PHPgroupware 0.9.16.000/0.9.16.002/0.9.16.003 Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. network phpgroupware | 4.3 |
| 2004-12-31 | CVE-2004-2573 | Remote File Include vulnerability in PHPgroupware 0.9.14.003 PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | 7.5 |
| 2004-12-31 | CVE-2004-2572 | Remote Installation Path Disclosure vulnerability in Amax Information Technologies Magic Winmail Server 3.6 AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable. | 5.0 |
| 2004-12-31 | CVE-2004-2571 | Buffer Overflow vulnerability in Isoqlog Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c. | 7.5 |