Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2401 | Buffer Overrun vulnerability in Ipswitch Imail Express 8.03 Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." | 7.5 |
| 2004-12-31 | CVE-2004-2400 | Unspecified vulnerability in Winftp Server Winftp Server 1.6 WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials. | 2.1 |
| 2004-12-31 | CVE-2004-2399 | Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. | 5.0 |
| 2004-12-31 | CVE-2004-2398 | Unspecified vulnerability in Netenberg Fantastico DE Luxe 2.8 Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5. | 2.1 |
| 2004-12-31 | CVE-2004-2397 | Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | 7.5 |
| 2004-12-31 | CVE-2004-2396 | passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. | 7.2 |
| 2004-12-31 | CVE-2004-2395 | Unspecified vulnerability in Mandrakesoft products Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. | 2.1 |
| 2004-12-31 | CVE-2004-2394 | Unspecified vulnerability in Mandrakesoft products Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. | 2.1 |
| 2004-12-31 | CVE-2004-2393 | Unspecified vulnerability in SUN Jsse 1.0.3/1.0.301/1.0.302 Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS. | 7.5 |
| 2004-12-31 | CVE-2004-2392 | Multiple Unspecified vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. | 5.0 |