Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2004-12-31 | CVE-2004-2323 | Multiple vulnerabilities in DotNetNuke | 5.0
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
network | low complexity | dotnetnuke

2004-12-31 | CVE-2004-2322 | SQL-Injection vulnerability in Phpwebsite | 7.5
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
network | low complexity | phpwebsite

2004-12-31 | CVE-2004-2321 | Unspecified vulnerability in BEA Weblogic Server 8.1 | 2.1
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
local | low complexity | bea

2004-12-31 | CVE-2004-2320 | Information Exposure vulnerability in BEA Weblogic Server | 5.8
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
network | bea | CWE-200

2004-12-31 | CVE-2004-2319 | Local Privilege Escalation vulnerability in IBM products | 3.6
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
local | low complexity | ibm

2004-12-31 | CVE-2004-2318 | Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI | 5.0
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
network | low complexity | netwin

2004-12-31 | CVE-2004-2317 | Multiple vulnerabilities in Mbedthis Software AppWeb HTTP Server | 5.0
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
network | low complexity | mbedthis-software

2004-12-31 | CVE-2004-2316 | Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request | 5.0
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
network | low complexity | mbedthis-software

2004-12-31 | CVE-2004-2315 | Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request | 5.0
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
network | low complexity | mbedthis-software

2004-12-31 | CVE-2004-2314 | Remote Security vulnerability in Novell Ichain 2.1/2.2 | 7.5
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
network | low complexity | novell