Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2058 | Multiple vulnerability in XLineSoft ASPRunner ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | 5.0 |
| 2004-12-31 | CVE-2004-2054 | HTTP Response Splitting vulnerability in PHPBB CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. | 5.0 |
| 2004-12-31 | CVE-2004-2050 | Multiple vulnerability in eSeSIX Thintune Thin Client Devices eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. | 4.6 |
| 2004-12-31 | CVE-2004-2049 | Multiple vulnerability in eSeSIX Thintune Thin Client Devices eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. | 4.6 |
| 2004-12-31 | CVE-2004-2046 | Denial Of Service vulnerability in APC Powerchute 6.0/7.1 Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. | 5.0 |
| 2004-12-31 | CVE-2004-2045 | Denial Of Service vulnerability in Conceptronic Cadslr1 Adsl Router 3.04N The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username. | 5.0 |
| 2004-12-31 | CVE-2004-2020 | Input Validation vulnerability in PHP-Nuke Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. network francisco-burzi | 4.3 |
| 2004-12-31 | CVE-2004-2019 | Input Validation vulnerability in PHP-Nuke The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | 5.0 |
| 2004-12-31 | CVE-2004-2017 | Cross-Site Scripting and HTML Injection vulnerability in Turbotraffictrader C 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel. network turbotraffictrader | 4.3 |
| 2004-12-31 | CVE-2004-2015 | HTML Injection vulnerability in WebCT Campus Edition HTML Tags Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. network webct | 4.3 |