Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2109 | Cross-Site Scripting vulnerability in QuadComm Q-Shop Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. network quadcomm | 6.8 |
| 2004-12-31 | CVE-2004-2108 | SQL Injection vulnerability in QuadComm Q-Shop Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2107 | Unspecified vulnerability in Finjan Software Surfingate Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. | 7.5 |
| 2004-12-31 | CVE-2004-2106 | Remote Security vulnerability in Novell Netware 5.1/6.0 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. | 5.0 |
| 2004-12-31 | CVE-2004-2105 | Remote Security vulnerability in Novell Netware 5.1/6.0 The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2104 | Multiple vulnerability in Novell Netware 5.1/6.0 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | 5.0 |
| 2004-12-31 | CVE-2004-2103 | Cross-Site Scripting vulnerability in Novell Netware 5.1/6.0 Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. network novell | 4.3 |
| 2004-12-31 | CVE-2004-2102 | Cross-Site Scripting vulnerability in FREESCO Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter. network freesco | 4.3 |
| 2004-12-31 | CVE-2004-2101 | Denial-Of-Service vulnerability in Geohttpserver The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-2100 | Security Bypass vulnerability in Geohttpserver GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | 5.0 |