Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2332 | HTML Injection vulnerability in Cpan WWW Form 1.12 Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. network cpan | 4.3 |
2004-12-31 | CVE-2004-2331 | Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1 ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | 5.5 |
2004-12-31 | CVE-2004-2330 | Denial of Service vulnerability in Macromedia Coldfusion 6.1 ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | 5.0 |
2004-12-31 | CVE-2004-2329 | Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5 Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | 7.2 |
2004-12-31 | CVE-2004-2328 | Denial Of Service vulnerability in Clearswift MAILsweeper For SMTP RAR Archive Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. | 5.0 |
2004-12-31 | CVE-2004-2327 | Remote Denial of Service vulnerability in Vizer web Server Vizer web Server 1.9.1 Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests. | 5.0 |
2004-12-31 | CVE-2004-2326 | SQL Injection vulnerability in IP3 Networks products SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. | 7.5 |
2004-12-31 | CVE-2004-2325 | Multiple vulnerability in DotNetNuke Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. network dotnetnuke | 4.3 |
2004-12-31 | CVE-2004-2324 | Multiple vulnerability in DotNetNuke SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | 7.5 |
2004-12-31 | CVE-2004-2323 | Multiple vulnerability in DotNetNuke DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | 5.0 |