Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2297 | Input Validation vulnerability in PHP-Nuke The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2296 | Input Validation vulnerability in PHP-Nuke The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. | 5.0 |
| 2004-12-31 | CVE-2004-2294 | Input Validation vulnerability in PHP-Nuke Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. network francisco-burzi | 4.3 |
| 2004-12-31 | CVE-2004-2293 | Input Validation vulnerability in PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. network francisco-burzi | 4.3 |
| 2004-12-31 | CVE-2004-2292 | Remote Status Command Buffer Overflow vulnerability in Alt-N MDaemon Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. | 5.0 |
| 2004-12-31 | CVE-2004-2288 | Unspecified vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. network jelsoft | 4.3 |
| 2004-12-31 | CVE-2004-2287 | Directory Traversal vulnerability in DSM Light web File Browser 2.0 Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. | 5.0 |
| 2004-12-31 | CVE-2004-2283 | Unspecified vulnerability in Daniel Barron Dansguardian Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. | 5.0 |
| 2004-12-31 | CVE-2004-2282 | Security Bypass vulnerability in Dansguardian DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. | 5.0 |
| 2004-12-31 | CVE-2004-2280 | Java Applet vulnerability in IBM Lotus Notes Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. | 5.0 |