Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-01-10 CVE-2004-1164 Remote Denial of Service vulnerability in Cisco CNS Network Registrar DNS and DHCP Server
The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence."
network
low complexity
cisco
5.0
2005-01-10 CVE-2004-1163 Denial-Of-Service vulnerability in CNS Network Registrar
Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets.
network
low complexity
cisco
5.0
2005-01-10 CVE-2004-1148 Unspecified vulnerability in phpMyAdmin
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
network
low complexity
phpmyadmin
5.0
2005-01-10 CVE-2004-1136 Denial-Of-Service vulnerability in Globalscape Cuteftp 6.0
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
network
low complexity
globalscape
5.0
2005-01-10 CVE-2004-1135 Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
network
low complexity
ipswitch
5.0
2005-01-10 CVE-2004-1133 Unspecified vulnerability in Microsoft W3Who.Dll
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
network
microsoft
6.8
2005-01-10 CVE-2004-1130 Remote vulnerability in Youngzsoft Cmailserver 5.2.0
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
network
youngzsoft
6.8
2005-01-10 CVE-2004-1123 Unspecified vulnerability in Apple products
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
network
low complexity
apple
5.0
2005-01-10 CVE-2004-1112 Buffer Overflow Protection Bypass vulnerability in Cisco Security Agent
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
network
high complexity
cisco okena
5.1
2005-01-10 CVE-2004-1111 Denial-Of-Service vulnerability in 7600
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
network
low complexity
cisco
5.0