Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2565 Multiple vulnerabilities in Sambar Server 6.1
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
network
low complexity
sambar
5.0
2004-12-31 CVE-2004-2564 Multiple vulnerabilities in Sambar Server 6.1
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
network
sambar
4.3
2004-12-31 CVE-2004-2563 Remote Authentication Bypass vulnerability in Serena Software Serena Teamtrack 6.1.1
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
network
serena-software
5.8
2004-12-31 CVE-2004-2557 Unspecified vulnerability in Netgear Wg602 1.7.14
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
network
low complexity
netgear
5.0
2004-12-31 CVE-2004-2556 Unspecified vulnerability in Netgear Wg602 1.04.0/1.5.67
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
network
low complexity
netgear
5.0
2004-12-31 CVE-2004-2553 Privilege Escalation vulnerability in the Ignition Project Ignitionserver 0.1.2/0.1.2R1/0.1.2R2
The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.
6.0
2004-12-31 CVE-2004-2552 Local Security vulnerability in Xboard
Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument.
local
low complexity
tim-mann
4.6
2004-12-31 CVE-2004-2550 Undisclosed Cross-Site Scripting vulnerability in SandSurfer
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
network
xperience
4.3
2004-12-31 CVE-2004-2549 Denial Of Service vulnerability in Nortel products
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
network
low complexity
nortel
5.0
2004-12-31 CVE-2004-2548 Input Validation vulnerability in Netwin Surgemail and Webmail
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.
network
netwin
4.3