Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2439 | Unspecified vulnerability in HP products The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. | 5.0 |
| 2004-12-31 | CVE-2004-2438 | SQL and HTML Injection vulnerability in PHP Fusion PHP Fusion 4.01 Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field. network php-fusion | 4.3 |
| 2004-12-31 | CVE-2004-2435 | Cross-Site Scripting vulnerability in Peoplesoft Hrms 7.0 Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. network peoplesoft | 4.3 |
| 2004-12-31 | CVE-2004-2434 | Denial-Of-Service vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string. | 5.0 |
| 2004-12-31 | CVE-2004-2432 | Remote Buffer Overrun vulnerability in WinAgents TFTP Server WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-2428 | Information Disclosure vulnerability in Abczone.It Wwwguestbook 1.1 Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password. | 5.0 |
| 2004-12-31 | CVE-2004-2426 | Multiple vulnerability in Axis Network Camera And Video Server Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2424 | Remote Denial of Service vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. | 5.0 |
| 2004-12-31 | CVE-2004-2423 | Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content." | 5.0 |
| 2004-12-31 | CVE-2004-2422 | Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. | 5.0 |