Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1569 | Buffer Overflow vulnerability in Illustrate products Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields. | 4.0 |
| 2004-12-31 | CVE-2004-1568 | Directory Traversal vulnerability in Parachat Server 5.5 Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL. | 5.0 |
| 2004-12-31 | CVE-2004-1566 | Input Validation vulnerability in Silent-Storm Portal 2.1/2.2 Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter. network silent-storm | 4.3 |
| 2004-12-31 | CVE-2004-1565 | Remote Input Validation vulnerability in W-Agora 4.1.6A list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1564 | Remote Input Validation vulnerability in W-Agora 4.1.6A CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1563 | Remote Input Validation vulnerability in W-Agora 4.1.6A Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. network w-agora | 4.3 |
| 2004-12-31 | CVE-2004-1560 | Remote Denial Of Service vulnerability in Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-1559 | Cross-Site Scripting vulnerability in Wordpress 1.2 Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. network wordpress | 4.3 |
| 2004-12-31 | CVE-2004-1557 | Remote vulnerability in Mywebserver 1.0.3 MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html. | 6.4 |
| 2004-12-31 | CVE-2004-1556 | Remote vulnerability in Mywebserver 1.0.3 MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. | 5.0 |