Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-02-09 | CVE-2005-0362 | Local Security vulnerability in AWStats awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | 4.6 |
| 2005-02-09 | CVE-2004-0961 | Attribute Decoding Denial Of Service vulnerability in FreeRADIUS Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. | 5.0 |
| 2005-02-09 | CVE-2004-0960 | Attribute Decoding Denial Of Service vulnerability in FreeRADIUS FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. | 5.0 |
| 2005-02-09 | CVE-2004-0957 | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | 6.8 |
| 2005-02-09 | CVE-2004-0950 | Information Disclosure vulnerability in Danware NetOp Remote Control NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request. | 5.0 |
| 2005-02-09 | CVE-2004-0939 | Denial-Of-Service vulnerability in Instant Virtual Extranet changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. | 5.0 |
| 2005-02-07 | CVE-2005-0175 | Unspecified vulnerability in Squid Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | 5.0 |
| 2005-02-07 | CVE-2005-0174 | Remote vulnerability in Squid Proxy Oversize HTTP Headers Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. | 5.0 |
| 2005-01-31 | CVE-2005-0224 | Denial-Of-Service vulnerability in HP Virtualvault 4.5/4.6/4.7 Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic. | 5.0 |
| 2005-01-29 | CVE-2005-0104 | Unspecified vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. network squirrelmail | 4.3 |