Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2433 | Remote Buffer Overflow vulnerability in Altnet ADM ActiveX Control Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter. | 7.5 |
| 2004-12-31 | CVE-2004-2432 | Remote Buffer Overrun vulnerability in WinAgents TFTP Server WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-2431 | Authentication Bypass vulnerability in ignitionServer Server Link Service Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication. | 7.5 |
| 2004-12-31 | CVE-2004-2430 | Local Privilege Escalation vulnerability in Trend Micro OfficeScan Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | 7.2 |
| 2004-12-31 | CVE-2004-2429 | Buffer Overflow vulnerability in Spamguard Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c. | 7.5 |
| 2004-12-31 | CVE-2004-2428 | Information Disclosure vulnerability in Abczone.It Wwwguestbook 1.1 Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password. | 5.0 |
| 2004-12-31 | CVE-2004-2427 | Denial-Of-Service vulnerability in 2420 Video Server Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. | 10.0 |
| 2004-12-31 | CVE-2004-2426 | Multiple vulnerability in Axis Network Camera And Video Server Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2425 | Multiple vulnerability in Axis Network Camera And Video Server Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. | 7.5 |
| 2004-12-31 | CVE-2004-2424 | Remote Denial of Service vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. | 5.0 |