Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2104 | Multiple vulnerability in Novell Netware 5.1/6.0 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. | 5.0 |
| 2004-12-31 | CVE-2004-2103 | Cross-Site Scripting vulnerability in Novell Netware 5.1/6.0 Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. network novell | 4.3 |
| 2004-12-31 | CVE-2004-2102 | Cross-Site Scripting vulnerability in FREESCO Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter. network freesco | 4.3 |
| 2004-12-31 | CVE-2004-2101 | Denial-Of-Service vulnerability in Geohttpserver The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-2100 | Security Bypass vulnerability in Geohttpserver GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | 5.0 |
| 2004-12-31 | CVE-2004-2099 | Remote Buffer Overflow vulnerability in EA Black Box Need For Speed Hot Pursuit 2 Game Client Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands. | 5.1 |
| 2004-12-31 | CVE-2004-2098 | Unspecified vulnerability in Native Solutions TBE Banner Engine 4.0/5.0 Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability. network native-solutions | 4.3 |
| 2004-12-31 | CVE-2004-2096 | Cross-Site Scripting vulnerability in Mephistoles Internet Suite Mephistoles Httpd 0.6Final/0.6P1/0.6P2 Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. network mephistoles-internet-suite | 4.3 |
| 2004-12-31 | CVE-2004-2095 | Remote Virtual Host Detection vulnerability in Honeyd Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd. | 5.0 |
| 2004-12-31 | CVE-2004-2094 | Cross-Site Scripting vulnerability in Darkwet Webcam XP 1.6.945 Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script. network darkwet | 4.3 |