Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1995 | Cross-Site Request Forgery (CSRF) vulnerability in Fusetalk 2.0 Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | 6.5 |
| 2004-12-31 | CVE-2004-1960 | Unspecified vulnerability in Protector System Protector System 1.15B1 Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. network protector-system | 4.3 |
| 2004-12-31 | CVE-2004-1958 | Remote Arbitrary File Overwrite vulnerability in Epic Games products Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. | 5.0 |
| 2004-12-31 | CVE-2004-1953 | Multiple vulnerability in PHProfession 2.5 phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | 5.0 |
| 2004-12-31 | CVE-2004-1951 | Remote File Overwrite vulnerability in Xine Xine, Xine-Lib and Xine-Ui xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | 5.0 |
| 2004-12-31 | CVE-2004-1937 | Multiple vulnerability in Nuked-Klan Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. | 5.0 |
| 2004-12-31 | CVE-2004-1913 | Multiple vulnerability in NukeCalendar Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | 4.3 |
| 2004-12-31 | CVE-2004-1912 | Multiple vulnerability in NukeCalendar The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | 5.0 |
| 2004-12-31 | CVE-2004-1911 | Cross-Site Scripting vulnerability in Azerbaijan Development Group Azdgdating 2.1.1 Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. network azerbaijan-development-group | 4.3 |
| 2004-12-31 | CVE-2004-1910 | Denial Of Service vulnerability in Symantec Security Check Virus Detection COM Object rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. | 5.0 |