Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2532 | Credentials Management vulnerability in Solarwinds Serv-U File Server Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. | 10.0 |
| 2004-12-31 | CVE-2004-2531 | Denial Of Service vulnerability in GNU Gnutls 1.0.16 X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. | 7.8 |
| 2004-12-31 | CVE-2004-2530 | Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box. | 2.6 |
| 2004-12-31 | CVE-2004-2529 | Remote vulnerability in Gadu-Gadu Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities. | 5.0 |
| 2004-12-31 | CVE-2004-2528 | Cross-Site Scripting vulnerability in Webcam Corp Webcam Watchdog 4.0.1A Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter. network webcam-corp | 4.3 |
| 2004-12-31 | CVE-2004-2527 | The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | 5.4 |
| 2004-12-31 | CVE-2004-2526 | Directory Traversal vulnerability in IBM Tivoli Directory Server LDACGI Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2525 | Remote Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. network s9y | 4.3 |
| 2004-12-31 | CVE-2004-2524 | Information Disclosure vulnerability in WHM Autopilot WHM Autopilot 2.4.5 clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | 5.0 |
| 2004-12-31 | CVE-2004-2523 | Remote Message Format String vulnerability in Openftpd FTP Server 0.29.4/0.30/0.30.1 Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument. | 6.5 |