Pigrelax

#13197of 53,625
20Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2004-2454
5.0
2004-12-31
Alt N · Mdaemon · CVE-2004-1546
**Name of the Vulnerable Software and Affected Versions** MDaemon version 6.5.1 **Description** The issue is related to multiple buffer overflows that can be triggered by remote attackers, leading to a denial of service (application crash). This can occur through a long command to the SMTP server, such as SAML, SOML, SEND, or MAIL, or via a long LIST command to the IMAP server. **Recommendations** For MDaemon version 6.5.1, update to a newer version that contains a fix for this issue.
PT-2004-2463
7.5
2004-12-31
Broadboard · Broadboard Instant Asp Message Board · CVE-2004-1555
**Name of the Vulnerable Software and Affected Versions** BroadBoard Instant ASP Message Board (affected versions not specified) **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through specific parameters in various ASP files. The affected parameters include the `keywords` parameter to "search.asp", the `handle` parameter to "profile.asp", the `txtUserHandle` parameter to "reg2.asp", and the `txtUserEmail` parameter to "forgot.asp". **Recommendations** For BroadBoard Instant ASP Message Board, consider restricting access to the affected ASP files until a fix is available. As a temporary workaround, avoid using the `keywords` parameter in "search.asp", the `handle` parameter in "profile.asp", the `txtUserHandle` parameter in "reg2.asp", and the `txtUserEmail` parameter in "forgot.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2004-3040
7.5
2004-12-31
Pd9 · Megabbs · CVE-2004-2145
**Name of the Vulnerable Software and Affected Versions** PD9 Software MegaBBS versions 2 and 2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `sortdir` or `criteria` parameter to "ladder-log.asp" or the `memberid` or `teamid` parameter to "view-profile.asp". **Recommendations** For PD9 Software MegaBBS versions 2 and 2.1, consider restricting access to the vulnerable parameters `sortdir` and `criteria` in "ladder-log.asp" and `memberid` and `teamid` in "view-profile.asp" until a patch is available.