Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2482 | Unspecified vulnerability in Microsoft Outlook 2000/2003 Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | 5.0 |
| 2004-12-31 | CVE-2004-2481 | Local Security vulnerability in Myproxy 6.58 MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. | 4.6 |
| 2004-12-31 | CVE-2004-2480 | Unspecified vulnerability in National Science Foundation Squid web Proxy Cache 2.3Stable5 Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. | 5.0 |
| 2004-12-31 | CVE-2004-2479 | Information Disclosure vulnerability in Squid Proxy Failed DNS Lookup Random Error Messages Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. | 5.0 |
| 2004-12-31 | CVE-2004-2478 | Directory Traversal vulnerability in Jetty Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2004-12-31 | CVE-2004-2477 | Unspecified vulnerability in Diamondcs Process Guard Free 2.000 DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | 2.1 |
| 2004-12-31 | CVE-2004-2476 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800 Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. | 2.6 |
| 2004-12-31 | CVE-2004-2475 | HTML Injection vulnerability in Google Toolbar About.HTML Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. network google | 4.3 |
| 2004-12-31 | CVE-2004-2474 | SQL Injection vulnerability in PHPnews 1.2.3 SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php. | 7.5 |
| 2004-12-31 | CVE-2004-2473 | Link Following vulnerability in Wmfrog 0.1.6 wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 1.2 |