Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2726 Denial-Of-Service vulnerability in Mailenable 1.18
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash).
network
low complexity
mailenable
5.0
2004-12-31 CVE-2004-2725 Cross-Site Scripting vulnerability in Aztek Forum Aztek Forum 4.0
Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.
4.3
2004-12-31 CVE-2004-2721 Cryptographic Issues vulnerability in Heiko Stamer Openskat
The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages.
4.3
2004-12-31 CVE-2004-2720 Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000
Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.
4.3
2004-12-31 CVE-2004-2719 Buffer Errors vulnerability in Foxmail 5.0.300
Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.
network
foxmail CWE-119
6.8
2004-12-31 CVE-2004-2718 Permissions, Privileges, and Access Controls vulnerability in PHP Heaven PHPmychat 0.14.5
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
4.3
2004-12-31 CVE-2004-2714 Use of Externally-Controlled Format String vulnerability in Windowmaker
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
6.0
2004-12-31 CVE-2004-2712 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced
Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."
network
low complexity
phrozensmoke CWE-119
5.0
2004-12-31 CVE-2004-2708 Credentials Management vulnerability in Phrozensmoke Gyach Enhanced
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
network
low complexity
phrozensmoke CWE-255
5.0
2004-12-31 CVE-2004-2706 Improper Input Validation vulnerability in Phrozensmoke Gyach Enhanced
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
network
low complexity
phrozensmoke CWE-20
5.0