Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2360 | Remote Denial Of Service vulnerability in Targem Games Battle Mages 1.0 Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent. | 5.0 |
| 2004-12-31 | CVE-2004-2358 | Multiple vulnerability in PhpBB admin_words.php Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. network phpbb-group | 4.3 |
| 2004-12-31 | CVE-2004-2357 | Remote Security vulnerability in Proofpoint Protection Server The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database. | 6.4 |
| 2004-12-31 | CVE-2004-2356 | Denial Of Service vulnerability in Fizmez web Server 1.0 Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference. | 5.0 |
| 2004-12-31 | CVE-2004-2355 | HTML Injection vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.7.3 Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. network crafty-syntax-live-help | 4.3 |
| 2004-12-31 | CVE-2004-2354 | Cross-Site Scripting vulnerability in 4Nguestbook SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered. | 6.8 |
| 2004-12-31 | CVE-2004-2353 | BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2004-12-31 | CVE-2004-2352 | HTML Injection vulnerability in Martin Bauer Gbook 1.4 Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke. network martin-bauer | 4.3 |
| 2004-12-31 | CVE-2004-2351 | HTML Injection vulnerability in Martin Bauer Gbook 1.4 Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the <script> and <style> tags, which are filtered by PHP-Nuke. network martin-bauer | 4.3 |
| 2004-12-31 | CVE-2004-2348 | Denial Of Service vulnerability in Sybari Antigen 7.0Build722(Sr2) Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm. | 5.0 |