Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1584 | Unspecified vulnerability in Wordpress 1.2 CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1583 | Directory Traversal vulnerability in TriDComm Built-in FTP Server Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. | 6.4 |
| 2004-12-31 | CVE-2004-1581 | Information Disclosure vulnerability in Blackboard 1.5.1 BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. | 5.0 |
| 2004-12-31 | CVE-2004-1579 | Information Disclosure vulnerability in Devellion Cubecart 2.0.1 index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | 5.0 |
| 2004-12-31 | CVE-2004-1578 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.0 Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. network invision-power-services | 4.3 |
| 2004-12-31 | CVE-2004-1577 | Information Disclosure vulnerability in Phplinks index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message. | 5.0 |
| 2004-12-31 | CVE-2004-1576 | Format string vulnerability in Judge Dredd: Dredd vs. | 5.0 |
| 2004-12-31 | CVE-2004-1575 | Denial Of Service vulnerability in Apache Xerces-C++ 2.5.0 The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | 5.0 |
| 2004-12-31 | CVE-2004-1572 | Unspecified vulnerability in Aj-Fork 167 AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request. | 5.0 |
| 2004-12-31 | CVE-2004-1571 | Information Disclosure vulnerability in Aj-Fork 167 AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message. | 5.0 |