Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2125 | Local Buffer Overrun vulnerability in Internet Security Systems BlackICE PC Protection blackd.exe Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. | 4.6 |
| 2004-12-31 | CVE-2004-2124 | Remote Global Variable Injection vulnerability in Gallery The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 5.0 |
| 2004-12-31 | CVE-2004-2123 | Cross-Site Scripting vulnerability in E-Commerce Asp Engine Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp. network nextplace | 4.3 |
| 2004-12-31 | CVE-2004-2121 | Directory Traversal vulnerability in Borland Webserver for Corel Paradox Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL. | 5.0 |
| 2004-12-31 | CVE-2004-2115 | Cross-Site Scripting vulnerability in Oracle Http Server 8.1.7/9.0.1/9.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. network oracle | 6.8 |
| 2004-12-31 | CVE-2004-2113 | Cross-Site Scripting vulnerability in Herberlin Bremsserver 1.2.4 Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL. network herberlin | 4.3 |
| 2004-12-31 | CVE-2004-2112 | Directory Traversal vulnerability in Herberlin Bremsserver 1.2.4 Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL. | 5.0 |
| 2004-12-31 | CVE-2004-2109 | Cross-Site Scripting vulnerability in QuadComm Q-Shop Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. network quadcomm | 6.8 |
| 2004-12-31 | CVE-2004-2106 | Remote Security vulnerability in Novell Netware 5.1/6.0 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. | 5.0 |
| 2004-12-31 | CVE-2004-2105 | Remote Security vulnerability in Novell Netware 5.1/6.0 The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | 5.0 |