CVE-2004-1935
published 2004-04-15CVE-2004-1935: Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.81%
75.9th percentile
Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
| sct_corporation | campus_pipeline | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
exploitdb·2004-04-15
CVE-2004-1935 SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
---
source: https://www.securityfocus.com/bid/10154/info
It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email documents.
This issue may allow a remote attacker to gain control of an unsuspecting user's email account; by executing specific script code an attacker can manipulate the victim's email account. It may be possible for an attacker to steal cookie based authentication credentials as well, and due to the integrated nature of this software this may potentially lead to further compromise of the victim's account. It should be noted tha
Exploit-DB
Microsoft Windows - ASN.1 Remote (MS04-007)
exploitdb·2004-03-26·CVSS 7.5
CVE-2003-0818 [HIGH] Microsoft Windows - ASN.1 Remote (MS04-007)
Microsoft Windows - ASN.1 Remote (MS04-007)
---
# Microsoft ASN.1 remote exploit for CVE-2005-1935 // MS04-007
# Solar Eclipse
# solareclipse at phreedom dot org
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3022.tar.gz (12262006-killbill.tar.gz)
# milw0rm.com [2004-03-26]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108207280917231&w=2http://secunia.com/advisories/11396http://www.securityfocus.com/bid/10154https://exchange.xforce.ibmcloud.com/vulnerabilities/15878http://marc.info/?l=bugtraq&m=108207280917231&w=2http://secunia.com/advisories/11396http://www.securityfocus.com/bid/10154https://exchange.xforce.ibmcloud.com/vulnerabilities/15878
2004-04-15
Published