Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2125 Local Buffer Overrun vulnerability in Internet Security Systems BlackICE PC Protection blackd.exe
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
local, low complexity, iss; risk 4.6
2004-12-31 CVE-2004-2124 Remote Global Variable Injection vulnerability in Gallery
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
network, low complexity, gallery-project; risk 5.0
2004-12-31 CVE-2004-2123 Cross-Site Scripting vulnerability in E-Commerce Asp Engine
Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.
network, nextplace; risk 4.3
2004-12-31 CVE-2004-2121 Directory Traversal vulnerability in Borland Webserver for Corel Paradox
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.
network, low complexity, borland-software; risk 5.0
2004-12-31 CVE-2004-2115 Cross-Site Scripting vulnerability in Oracle Http Server 8.1.7/9.0.1/9.2.0
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
network, oracle; risk 6.8
2004-12-31 CVE-2004-2114 Stack and Heap Overflow vulnerability in Internetnow Proxynow 2.6/2.75
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.
network, low complexity, internetnow; risk 10.0 (critical)
2004-12-31 CVE-2004-2113 Cross-Site Scripting vulnerability in Herberlin Bremsserver 1.2.4
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
network, herberlin; risk 4.3
2004-12-31 CVE-2004-2112 Directory Traversal vulnerability in Herberlin Bremsserver 1.2.4
Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.
network, low complexity, herberlin; risk 5.0
2004-12-31 CVE-2004-2111 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
risk 8.5
2004-12-31 CVE-2004-2110 SQL-Injection vulnerability in Phorum
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
network, low complexity, phorum; risk 7.5