Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-05 | CVE-1999-1373 | Unspecified vulnerability in Fore Powerhub Software FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. | 5.0 |
2005-01-04 | CVE-2005-0283 | Remote Directory Traversal vulnerability in David Barrett Qwikiwiki 1.4.1 Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-01-04 | CVE-2004-1061 | Cross-Site Scripting vulnerability in Bugzilla Internal Error Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. network mozilla | 4.3 |
2005-01-03 | CVE-2005-0274 | Input Validation vulnerability in All Enthusiast PhotoPost Classifieds Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. network photopost | 4.3 |
2005-01-01 | CVE-2005-0266 | Cross-Site Scripting vulnerability in SugarCRM Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. network sugarcrm | 4.3 |
2004-12-31 | CVE-2004-2760 | Configuration vulnerability in Openbsd Openssh 3.5/3.5P1 sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. | 6.8 |
2004-12-31 | CVE-2004-2757 | Cross-Site Scripting vulnerability in Novell Ichain 2.1/2.2 Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | 4.3 |
2004-12-31 | CVE-2004-2756 | Cross-Site Scripting vulnerability in Xoops Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | 4.3 |
2004-12-31 | CVE-2004-2755 | Cross-Site Scripting vulnerability in Symantec web Security 2.5/3.0/3.0.1 Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | 4.3 |
2004-12-31 | CVE-2004-2753 | Local Insecure File Access vulnerability in HP SharedX Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." | 5.6 |