Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2552 | Local Security vulnerability in Xboard: Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. | 4.6 |
2004-12-31 | CVE-2004-2551 | SQL Injection vulnerability in Layton Technology Helpbox 3.0.1: Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database. | 7.5 |
2004-12-31 | CVE-2004-2550 | Undisclosed Cross-Site Scripting vulnerability in SandSurfer: Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. | 4.3 |
2004-12-31 | CVE-2004-2549 | Denial Of Service vulnerability in Nortel products: Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. | 5.0 |
2004-12-31 | CVE-2004-2548 | Input Validation vulnerability in Netwin Surgemail and Webmail: Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. | 4.3 |
2004-12-31 | CVE-2004-2547 | Input Validation vulnerability in Netwin Surgemail and Webmail: NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | 2.6 |
2004-12-31 | CVE-2004-2546 | Denial-Of-Service vulnerability in Samba: Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | 6.4 |
2004-12-31 | CVE-2004-2545 | Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01: Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vectors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | 5.0 |
2004-12-31 | CVE-2004-2544 | Information Disclosure vulnerability in Securecomputing Sidewinder G2 6.1.0.01: Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information. | 2.1 |
2004-12-31 | CVE-2004-2543 | Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01: Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. | 5.0 |