Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2752 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.726 Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | 4.3 |
2004-12-31 | CVE-2004-2751 | SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 |
2004-12-31 | CVE-2004-2750 | Path Traversal vulnerability in Jbrowser 1.0/2.0/2.1 Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. | 5.0 |
2004-12-31 | CVE-2004-2749 | Path Traversal vulnerability in 2Wire Homeportal Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. | 4.3 |
2004-12-31 | CVE-2004-2748 | Information Exposure vulnerability in Webtrends Reporting Center 6.1A viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | 4.3 |
2004-12-31 | CVE-2004-2747 | Path Traversal vulnerability in Pablo Software Solutions Quick N Easy FTP Server 1.77 Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. | 4.0 |
2004-12-31 | CVE-2004-2744 | Remote Security vulnerability in Mailing List Manager Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | 5.0 |
2004-12-31 | CVE-2004-2743 | Permissions, Privileges, and Access Controls vulnerability in Raditha Dissanayake Mega Upload Progress BAR upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | 6.4 |
2004-12-31 | CVE-2004-2742 | Cross-Site Scripting vulnerability in Businessobjects Crystal Enterprise 10/8.5/9 Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. | 4.3 |
2004-12-31 | CVE-2004-2741 | Cross-Site Scripting vulnerability in Horde Application Framework Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | 4.3 |