Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2624 | Cross-Site Scripting vulnerability in Wackowiki R3/R3.5 Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. network wackowiki | 4.3 |
| 2004-12-31 | CVE-2004-2621 | Unspecified vulnerability in Nortel Contivity Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | 4.0 |
| 2004-12-31 | CVE-2004-2620 | Remote Security vulnerability in Paul L Daniels Ripmime 1.3.1.0 The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. | 5.0 |
| 2004-12-31 | CVE-2004-2618 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). network pegasi-web-server | 4.3 |
| 2004-12-31 | CVE-2004-2617 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2615 | Local Security vulnerability in Cutephp Cutenews 1.3.6 The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | 4.6 |
| 2004-12-31 | CVE-2004-2611 | Denial-Of-Service vulnerability in Sophster The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | 4.6 |
| 2004-12-31 | CVE-2004-2610 | Local Security vulnerability in Mntd mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. | 4.6 |
| 2004-12-31 | CVE-2004-2608 | Permissions, Privileges, and Access Controls vulnerability in Smartwebby Smart Guest Book 2 SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | 5.0 |
| 2004-12-31 | CVE-2004-2604 | Cross-Site Scripting vulnerability in PHProxy 0.1/0.2/0.3 Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. network phproxy | 4.3 |