Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2004-12-31 | CVE-2004-2148 | Local vulnerability in Slava Astashonok Fprobe | 7.2
Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.
local, low complexity, slava-astashonok

2004-12-31 | CVE-2004-2147 | Denial Of Service vulnerability in Symantec Norton AntiVirus Malformed EMail | 5.0
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
network, low complexity, symantec

2004-12-31 | CVE-2004-2146 | Remote Security vulnerability in Megabbs 2/2.1 | 5.0
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.
network, low complexity, pd9-software

2004-12-31 | CVE-2004-2145 | SQL-Injection vulnerability in Megabbs 2/2.1 | 7.5
SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp.
network, low complexity, pd9-software

2004-12-31 | CVE-2004-2143 | SQL Injection vulnerability in ReMOSitory | 7.5
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.
network, low complexity, mambo

2004-12-31 | CVE-2004-2142 | Remote Security vulnerability in SDD 1.28/1.31 | 10.0
Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.
network, low complexity, jorg-schilling, critical

2004-12-31 | CVE-2004-2137 | Information Disclosure vulnerability in Microsoft Outlook Express 6.0 | 5.0
Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
network, low complexity, microsoft

2004-12-31 | CVE-2004-2129 | Remote HTTP GET Request Denial Of Service vulnerability in Loom Software SurfNow | 5.0
SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.
network, low complexity, loom-software

2004-12-31 | CVE-2004-2128 | Cross-Site Scripting vulnerability in BRS WebWeaver | 6.8
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
network, brs

2004-12-31 | CVE-2004-2126 | Unspecified vulnerability in ISS Blackice PC Protection | 4.6
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.
local, low complexity, iss