Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-10 | CVE-2004-1228 | Denial-Of-Service vulnerability in Sugar Sales The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default. | 6.4 |
| 2005-01-10 | CVE-2004-1226 | Information Disclosure vulnerability in SugarCRM SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. | 5.0 |
| 2005-01-10 | CVE-2004-1224 | Local Security vulnerability in mtr Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. | 4.6 |
| 2005-01-10 | CVE-2004-1223 | Path Disclosure vulnerability in F-Secure Policy Manager 5.11 The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters. | 5.0 |
| 2005-01-10 | CVE-2004-1221 | Directory Traversal vulnerability in Darryl Burgdorf Weblibs 1.0 Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. | 5.0 |
| 2005-01-10 | CVE-2004-1220 | Games Remote Denial of Service vulnerability in Digital Illusions Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference. | 5.0 |
| 2005-01-10 | CVE-2004-1219 | Unspecified vulnerability in PHP Arena Pafiledb 3.1 paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session. | 5.0 |
| 2005-01-10 | CVE-2004-1218 | Remote Execute Remote Denial of Service vulnerability in Ibex Software Remote Execute 2.3 Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections. | 5.0 |
| 2005-01-10 | CVE-2004-1217 | Unspecified vulnerability in Hosting Controller Hosting Controller 6.1/6.1Hotfix1.4 Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp. | 5.0 |
| 2005-01-10 | CVE-2004-1216 | Remote vulnerability in Burut Kreed 1.5 The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game. | 5.0 |