CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2480 – National Science Foundation Squid Proxy 2.3 - Internet Access Control Bypass
https://notcve.org/view.php?id=CVE-2004-2480
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. • https://www.exploit-db.com/exploits/24105 http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html http://www.securityfocus.com/bid/10315 https://exchange.xforce.ibmcloud.com/vulnerabilities/16153 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1949
https://notcve.org/view.php?id=CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html http://marc.info/?l=bugtraq&m=108256503718978&w=2 http://news.postnuke.com/Article2580.html http://secunia.com/advisories/11386 http://securitytracker.com/id?1009801 http://www.osvdb.org/5368 http://www.osvdb.org/5369 http://www.securityfocus.com/bid/10146 https://exchange.xforce.ibmcloud.com/vulnerabilities/15869 https://exchange.xforce.ibmcloud.com/vulnerabilities/15875 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2752
https://notcve.org/view.php?id=CVE-2004-2752
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. • http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1787
https://notcve.org/view.php?id=CVE-2004-1787
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. • http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2537 http://secunia.com/advisories/10554 http://securitytracker.com/id?1008621 http://www.osvdb.org/3336 http://www.securityfocus.com/bid/9372 https://exchange.xforce.ibmcloud.com/vulnerabilities/14111 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2004-2751
https://notcve.org/view.php?id=CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html http://community.postnuke.com/Article2535.htm http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php http://www.osvdb.org/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/11500 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •