Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2204 | Unspecified vulnerability in Macromedia Coldfusion 6.0/6.1 Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | 7.2 |
2004-12-31 | CVE-2004-2203 | Unspecified vulnerability in Ansel Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. | 7.5 |
2004-12-31 | CVE-2004-2202 | Remote vulnerability in Duware Duclassified 4.0/4.1/4.2 Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. | 7.5 |
2004-12-31 | CVE-2004-2201 | Remote vulnerability in DUware Software SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. | 7.5 |
2004-12-31 | CVE-2004-2200 | Remote vulnerability in DUware Software Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. network duware | 4.3 |
2004-12-31 | CVE-2004-2199 | Remote vulnerability in Duware Duclassified 4.0 Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. network duware | 4.3 |
2004-12-31 | CVE-2004-2198 | Remote vulnerability in DUware Software account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | 6.4 |
2004-12-31 | CVE-2004-2197 | Unspecified vulnerability in KDocker kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs. | 7.2 |
2004-12-31 | CVE-2004-2196 | Remote Security vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1 Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. | 5.0 |
2004-12-31 | CVE-2004-2195 | Remote File Include vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1 PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | 5.0 |