Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2514 | HTML Injection vulnerability in Powerportal 1.1B/1.3/1.3B Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. network powerportal | 4.3 |
2004-12-31 | CVE-2004-2513 | Remote Security vulnerability in Pmail Pegasus 4.01 Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | 10.0 |
2004-12-31 | CVE-2004-2512 | Unspecified vulnerability in Codeworx Technologies Dcp-Portal CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. network codeworx-technologies | 4.3 |
2004-12-31 | CVE-2004-2511 | Cross-Site Scripting vulnerability in DCP-Portal Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php. network codeworx-technologies | 4.3 |
2004-12-31 | CVE-2004-2510 | Cross-Site Scripting vulnerability in UBBCentral UBB.threads Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |
2004-12-31 | CVE-2004-2509 | Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5 Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |
2004-12-31 | CVE-2004-2508 | Cross-Site Scripting vulnerability in Linksys Wvc11B 2.10 Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. network linksys | 4.3 |
2004-12-31 | CVE-2004-2507 | Unspecified vulnerability in Linksys Wvc11B 2.10 Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | 5.0 |
2004-12-31 | CVE-2004-2506 | Information Disclosure vulnerability in Wikindx Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file. | 5.0 |
2004-12-31 | CVE-2004-2505 | Denial Of Service vulnerability in Macromedia ColdFusion MX Oversized Error Message Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | 5.0 |