Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2213 | Multiple vulnerability in Mbedthis Software AppWeb HTTP Server Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. | 5.0 |
| 2004-12-31 | CVE-2004-2211 | Remote Input Validation vulnerability in Alivesites Forum 2.0 Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp. network alivesites | 4.3 |
| 2004-12-31 | CVE-2004-2210 | Cross-Site Scripting vulnerability in Express-Web Content Management System Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp. network express-web | 4.3 |
| 2004-12-31 | CVE-2004-2208 | Remote Input Validation vulnerability in Ideal Science IdealBB CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors. | 5.0 |
| 2004-12-31 | CVE-2004-2207 | Remote Input Validation vulnerability in Ideal Science IdealBB Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network ideal-science | 4.3 |
| 2004-12-31 | CVE-2004-2200 | Remote vulnerability in DUware Software Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text. network duware | 4.3 |
| 2004-12-31 | CVE-2004-2199 | Remote vulnerability in Duware Duclassified 4.0 Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. network duware | 4.3 |
| 2004-12-31 | CVE-2004-2198 | Remote vulnerability in DUware Software account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | 6.4 |
| 2004-12-31 | CVE-2004-2196 | Remote Security vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1 Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. | 5.0 |
| 2004-12-31 | CVE-2004-2195 | Remote File Include vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1 PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | 5.0 |