Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2081 | Denial Of Service vulnerability in Karjasoft Sami FTP Server 1.1.3 The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file. | 5.0 |
| 2004-12-31 | CVE-2004-2076 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Rc4 Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. network jelsoft | 4.3 |
| 2004-12-31 | CVE-2004-2075 | Denial Of Service vulnerability in Sophos Anti-Virus MIME Header Handling Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. | 5.0 |
| 2004-12-31 | CVE-2004-2074 | Unspecified vulnerability in Bolintech Dream FTP Server 1.02 Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands. | 5.0 |
| 2004-12-31 | CVE-2004-2072 | Cross-Site Scripting vulnerability in Mambo Open Source 4.6 Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. network mambo | 6.8 |
| 2004-12-31 | CVE-2004-2069 | Remote Denial Of Service vulnerability in OpenSSH LoginGraceTime sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). | 5.0 |
| 2004-12-31 | CVE-2004-2068 | Denial-Of-Service vulnerability in Leafnode fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers. | 5.0 |
| 2004-12-31 | CVE-2004-2063 | Input Validation vulnerability in AntiBoard Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter. network antiboard | 4.3 |
| 2004-12-31 | CVE-2004-2060 | Multiple vulnerability in XLineSoft ASPRunner ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | 5.0 |
| 2004-12-31 | CVE-2004-2059 | Multiple vulnerability in XLineSoft ASPRunner Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | 5.0 |