Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2704 Cross-Site Scripting vulnerability in multiple products
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
4.3
2004-12-31 CVE-2004-2703 Cryptographic Issues vulnerability in Clearswift products
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
4.3
2004-12-31 CVE-2004-2702 Cross-Site Scripting vulnerability in Swsoft Plesk 7.0/7.1
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter.
network
swsoft CWE-79
4.3
2004-12-31 CVE-2004-2701 Cross-Site Scripting vulnerability in Aspdotnetstorefront 3.3
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
4.3
2004-12-31 CVE-2004-2699 Permissions, Privileges, and Access Controls vulnerability in Aspdotnetstorefront 3.3
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
4.3
2004-12-31 CVE-2004-2698 Race Condition vulnerability in Imwheel
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
6.9
2004-12-31 CVE-2004-2697 Race Condition vulnerability in IBM AIX 4.3.3/5.1/5.1L
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file).
local
ibm CWE-362
6.9
2004-12-31 CVE-2004-2696 Credentials Management vulnerability in BEA Weblogic Server
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
network
low complexity
bea CWE-255
5.5
2004-12-31 CVE-2004-2694 Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
network
microsoft CWE-264
5.8
2004-12-31 CVE-2004-2688 Cross-Site Scripting vulnerability in Newsphp
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
network
newsphp CWE-79
4.3