Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2570 | Injection vulnerability in Opera Browser Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | 5.0 |
| 2004-12-31 | CVE-2004-2569 | Symbolic Link vulnerability in IPMenu Log File ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file. | 2.1 |
| 2004-12-31 | CVE-2004-2568 | SQL Injection and Cross-Site Scripting vulnerability in ReciPants Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. network recipants | 4.3 |
| 2004-12-31 | CVE-2004-2567 | SQL Injection and Cross-Site Scripting vulnerability in ReciPants Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | 7.5 |
| 2004-12-31 | CVE-2004-2566 | Cross-Site Scripting vulnerability in Livefocusgroup Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa. network liveworld | 4.3 |
| 2004-12-31 | CVE-2004-2565 | Multiple vulnerability in Sambar Server 6.1 Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp. | 5.0 |
| 2004-12-31 | CVE-2004-2564 | Multiple vulnerability in Sambar Server 6.1 Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp. network sambar | 4.3 |
| 2004-12-31 | CVE-2004-2563 | Remote Authentication Bypass vulnerability in Serena Software Serena Teamtrack 6.1.1 Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. network serena-software | 5.8 |
| 2004-12-31 | CVE-2004-2561 | SQL Injection vulnerability in Internet Sofware Sciences Web+Center 4.0.1 Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2560 | Remote Arbitrary File Upload vulnerability in DokuWiki DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi". | 7.5 |