Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2525 | Remote Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. network s9y | 4.3 |
2004-12-31 | CVE-2004-2524 | Information Disclosure vulnerability in WHM Autopilot WHM Autopilot 2.4.5 clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | 5.0 |
2004-12-31 | CVE-2004-2523 | Remote Message Format String vulnerability in Openftpd FTP Server 0.29.4/0.30/0.30.1 Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument. | 6.5 |
2004-12-31 | CVE-2004-2517 | Denial-Of-Service vulnerability in Myserver 0.7.1 myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html. | 5.0 |
2004-12-31 | CVE-2004-2516 | Directory Traversal vulnerability in MyServer Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences. | 5.0 |
2004-12-31 | CVE-2004-2514 | HTML Injection vulnerability in Powerportal 1.1B/1.3/1.3B Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. network powerportal | 4.3 |
2004-12-31 | CVE-2004-2512 | Unspecified vulnerability in Codeworx Technologies Dcp-Portal CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. network codeworx-technologies | 4.3 |
2004-12-31 | CVE-2004-2511 | Cross-Site Scripting vulnerability in DCP-Portal Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php. network codeworx-technologies | 4.3 |
2004-12-31 | CVE-2004-2510 | Cross-Site Scripting vulnerability in UBBCentral UBB.threads Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |
2004-12-31 | CVE-2004-2509 | Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5 Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |