Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2563 | Remote Authentication Bypass vulnerability in Serena Software Serena Teamtrack 6.1.1 Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. network serena-software | 5.8 |
| 2004-12-31 | CVE-2004-2561 | SQL Injection vulnerability in Internet Sofware Sciences Web+Center 4.0.1 Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2560 | Remote Arbitrary File Upload vulnerability in DokuWiki DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi". | 7.5 |
| 2004-12-31 | CVE-2004-2559 | Denial-Of-Service vulnerability in Dokuwiki DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks. | 7.5 |
| 2004-12-31 | CVE-2004-2558 | Product Unspecified Credential Impersonation vulnerability in IBM Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack." | 7.5 |
| 2004-12-31 | CVE-2004-2557 | Unspecified vulnerability in Netgear Wg602 1.7.14 NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | 5.0 |
| 2004-12-31 | CVE-2004-2556 | Unspecified vulnerability in Netgear Wg602 1.04.0/1.5.67 NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | 5.0 |
| 2004-12-31 | CVE-2004-2555 | Unspecified vulnerability in Smartstuff Foolproof Security 3.9/3.9.4/3.9.7 Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key. | 2.1 |
| 2004-12-31 | CVE-2004-2554 | Local Privilege Escalation vulnerability in Novell Client Firewall 2.0 Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. | 7.2 |
| 2004-12-31 | CVE-2004-2553 | Privilege Escalation vulnerability in the Ignition Project Ignitionserver 0.1.2/0.1.2R1/0.1.2R2 The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. network the-ignition-project | 6.0 |