Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2316 Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
network
low complexity
mbedthis-software
5.0
2004-12-31 CVE-2004-2315 Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
network
low complexity
mbedthis-software
5.0
2004-12-31 CVE-2004-2313 Unspecified vulnerability in Inter7 Sqwebmail
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
network
low complexity
inter7
5.0
2004-12-31 CVE-2004-2310 Cross-Site Scripting vulnerability in IBM Lotus Domino 6.5.1
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
network
ibm
4.3
2004-12-31 CVE-2004-2308 Cross-Site Scripting vulnerability in cPanel dir Parameter
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
network
cpanel
4.3
2004-12-31 CVE-2004-2307 Unspecified vulnerability in Microsoft Internet Explorer and Windows XP
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
network
low complexity
microsoft
5.0
2004-12-31 CVE-2004-2306 Unspecified vulnerability in SUN Solaris and Sunos
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
local
low complexity
sun
4.6
2004-12-31 CVE-2004-2305 Unspecified vulnerability in Broadcom Etrust Antivirus EE 6.0/7.0
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password-protected file and skip the other files.
network
low complexity
broadcom
5.0
2004-12-31 CVE-2004-2301
Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.
network
low complexity
qualcomm
5.0
2004-12-31 CVE-2004-2298 Denial-Of-Service vulnerability in Internet Messaging System
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, are installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
network
low complexity
novell
6.4