Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2412 | SQL Injection vulnerability in Virtual Programming VP-ASP Shopping Cart CatalogID Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2411 | Cross-Site Scripting vulnerability in Virtual Programming VP-ASP Shopping Cart Shop$DB.Asp 4.0/4.50/5.0 The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors. network virtual-programming | 4.3 |
| 2004-12-31 | CVE-2004-2410 | Denial-Of-Service vulnerability in Samhain Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference). | 2.1 |
| 2004-12-31 | CVE-2004-2409 | Local Heap Overflow vulnerability in Samhain Labs Samhain Database Update Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code. | 7.2 |
| 2004-12-31 | CVE-2004-2408 | Unspecified vulnerability in Vserver Linux-Vserver Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server. | 3.6 |
| 2004-12-31 | CVE-2004-2407 | Remote Security vulnerability in Phpgroupware Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | 10.0 |
| 2004-12-31 | CVE-2004-2406 | Remote Security vulnerability in Phpgroupware Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact. | 10.0 |
| 2004-12-31 | CVE-2004-2405 | Denial-Of-Service vulnerability in F-Secure Anti-Virus Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | 6.4 |
| 2004-12-31 | CVE-2004-2403 | Unspecified vulnerability in Yabb Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | 10.0 |
| 2004-12-31 | CVE-2004-2402 | Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. network yabb | 4.3 |