Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2563 | Remote Authentication Bypass vulnerability in Serena Software Serena Teamtrack 6.1.1 Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. network serena-software | 5.8 |
2004-12-31 | CVE-2004-2557 | Unspecified vulnerability in Netgear Wg602 1.7.14 NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | 5.0 |
2004-12-31 | CVE-2004-2556 | Unspecified vulnerability in Netgear Wg602 1.04.0/1.5.67 NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | 5.0 |
2004-12-31 | CVE-2004-2553 | Privilege Escalation vulnerability in the Ignition Project Ignitionserver 0.1.2/0.1.2R1/0.1.2R2 The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. network the-ignition-project | 6.0 |
2004-12-31 | CVE-2004-2552 | Local Security vulnerability in Xboard Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. | 4.6 |
2004-12-31 | CVE-2004-2550 | Undisclosed Cross-Site Scripting vulnerability in SandSurfer Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. network xperience | 4.3 |
2004-12-31 | CVE-2004-2549 | Denial Of Service vulnerability in Nortel products Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. | 5.0 |
2004-12-31 | CVE-2004-2548 | Input Validation vulnerability in Netwin Surgemail and Webmail Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. network netwin | 4.3 |
2004-12-31 | CVE-2004-2546 | Denial-Of-Service vulnerability in Samba Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | 6.4 |
2004-12-31 | CVE-2004-2545 | Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | 5.0 |