Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2177 | Remote Input Validation vulnerability in Devoybb web Forum 1.0 Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network devoybb | 4.3 |
| 2004-12-31 | CVE-2004-2176 | Unspecified vulnerability in Microsoft Windows XP The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls. | 4.6 |
| 2004-12-31 | CVE-2004-2174 | Multiple vulnerability in EarlyImpact ProductCart Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. network early-impact | 4.3 |
| 2004-12-31 | CVE-2004-2171 | Cross-Site Scripting vulnerability in Cherokee Error Page Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. network cherokee | 4.3 |
| 2004-12-31 | CVE-2004-2170 | Remote Directory Traversal vulnerability in Niti Telecom Caravan Business Server 2.0003D Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter. | 5.0 |
| 2004-12-31 | CVE-2004-2168 | Denial-Of-Service vulnerability in Baardsen Software Basomail Server 1.24 BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3). | 5.0 |
| 2004-12-31 | CVE-2004-2165 | Remote Denial Of Service vulnerability in Impressions Games Lords of the Realm III Nickname Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname. | 5.0 |
| 2004-12-31 | CVE-2004-2164 | Denial Of Service vulnerability in Virtual Programming Vp-Asp 5.0 shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption). | 5.0 |
| 2004-12-31 | CVE-2004-2162 | Remote Input Validation vulnerability in Tutos 1.120040414 Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php. network tutos | 4.3 |
| 2004-12-31 | CVE-2004-2160 | Denial-Of-Service vulnerability in Xmlstarlet Command Line XML Toolkit 0.9.3 Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code. | 6.4 |