Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1551 | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1 Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter. network php-arena | 4.3 |
| 2004-12-31 | CVE-2004-1549 | Remote vulnerability in Onnuri Infotek Activepost Standard 3.1 The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection. | 5.0 |
| 2004-12-31 | CVE-2004-1548 | Remote vulnerability in Onnuri Infotek Activepost Standard 3.1 Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. | 5.0 |
| 2004-12-31 | CVE-2004-1547 | Remote vulnerability in ActivePost Messenger The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow. | 5.0 |
| 2004-12-31 | CVE-2004-1546 | Remote Buffer Overflow vulnerability in Alt-N Mdaemon 6.5.1 Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server. | 5.0 |
| 2004-12-31 | CVE-2004-1545 | Remote Server-Side Script Execution vulnerability in Moniwiki 1.0.8/1.0.9/1.0.9.1 UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. | 5.0 |
| 2004-12-31 | CVE-2004-1544 | Cross-Site Scripting vulnerability in Jspwiki 2.1.120/2.1.121/2.1.122 Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter. network jspwiki | 4.3 |
| 2004-12-31 | CVE-2004-1543 | Remote Directory Listing vulnerability in Korweblog 1.6.2Cvs Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. | 5.0 |
| 2004-12-31 | CVE-2004-1542 | Buffer Overflow vulnerability in Raven Software Soldier Of Fortune 2 Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. | 5.0 |
| 2004-12-31 | CVE-2004-1540 | Remote Administration Configuration Reset vulnerability in Zyxel Prestige and Zynos ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | 5.0 |