Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2259 | Denial of Service vulnerability in Beasts Vsftpd 1.2.0/1.2.1 vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. | 5.0 |
2004-12-31 | CVE-2004-2256 | Directory Traversal vulnerability in phpMyFAQ Lang Parameter Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. | 5.0 |
2004-12-31 | CVE-2004-2255 | Unspecified vulnerability in PHPmyfaq 1.3.12 Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | 6.4 |
2004-12-31 | CVE-2004-2253 | Directory Traversal vulnerability in Netwin Surgeldap 1.0D/1.0E/1.0G Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2004-12-31 | CVE-2004-2251 | Remote Security vulnerability in Security Linux The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | 5.0 |
2004-12-31 | CVE-2004-2246 | Cross-Site Scripting vulnerability in Goollery 0.3 Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. network goollery | 4.3 |
2004-12-31 | CVE-2004-2245 | Cross-Site Scripting vulnerability in Goollery 0.3 Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php. network goollery | 4.3 |
2004-12-31 | CVE-2004-2244 | Denial Of Service vulnerability in Oracle Application Server and Oracle9I The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | 5.0 |
2004-12-31 | CVE-2004-2242 | Cross-Site Scripting vulnerability in Phorum 5.0.7Beta Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. network phorum | 4.3 |
2004-12-31 | CVE-2004-2241 | Cross-Site Scripting and SQL Injection vulnerability in Phorum 5.0.11 Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. network phorum | 4.3 |