Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-1788 | Remote User Database Access vulnerability in ASP-Nuke 1.0/1.2/1.3 | ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. | network | low complexity | asp-nuke | | 5.0 |
| 2004-12-31 | CVE-2004-1781 | Denial Of Service vulnerability in Info Touch Surfnet 1.31 | Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. | local | low complexity | info-touch | | 4.6 |
| 2004-12-31 | CVE-2004-1780 | Unspecified vulnerability in Info Touch Surfnet 1.31 | Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts. | local | low complexity | info-touch | | 4.6 |
| 2004-12-31 | CVE-2004-1779 | Cross-Site Scripting vulnerability in ThWboard board.php | Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. | network | | thwboard | | 4.3 |
| 2004-12-31 | CVE-2004-1777 | Improper Input Validation vulnerability in Skype Technologies Skype 0.98.0.04 | A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | network | low complexity | skype-technologies | CWE-20 | 5.0 |
| 2004-12-31 | CVE-2004-1775 | Unspecified vulnerability in Cisco Catos and IOS | Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. | network | low complexity | cisco | | 5.0 |
| 2004-12-31 | CVE-2004-1772 | Buffer Overflow vulnerability in GNU Sharutils 4.2/4.2.1 | Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. | local | low complexity | gnu | | 4.6 |
| 2004-12-31 | CVE-2004-1757 | Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1 | BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | local | low complexity | bea | | 4.6 |
| 2004-12-31 | CVE-2004-1750 | Remote Denial of Service vulnerability in VNC Realvnc 4.0 | RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | network | low complexity | vnc | | 5.0 |
| 2004-12-31 | CVE-2004-1747 | HTML Injection vulnerability in Network Everywhere Nr041 1.2Release03 | Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option. | | | | | 4.3 |