Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1539 | Remote Denial Of Service vulnerability in Gearbox Software Halo Game Client Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference. | 5.0 |
| 2004-12-31 | CVE-2004-1537 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. network phpkit | 4.3 |
| 2004-12-31 | CVE-2004-1534 | Remote Ad-Blocking Denial Of Service vulnerability in Zone Labs ZoneAlarm ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript. | 5.0 |
| 2004-12-31 | CVE-2004-1533 | Remote Buffer Overrun vulnerability in Digital Mappings Systems Pop3 Server 1.5.3Build37 Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password. | 5.0 |
| 2004-12-31 | CVE-2004-1529 | Remote vulnerability in ROB Sutton PHP-Nuke Event Calendar 2.13 Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments. network rob-sutton | 4.3 |
| 2004-12-31 | CVE-2004-1528 | Remote vulnerability in ROB Sutton PHP-Nuke Event Calendar 2.13 The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message. | 5.0 |
| 2004-12-31 | CVE-2004-1527 | Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. network low complexity | 5.0 |
| 2004-12-31 | CVE-2004-1525 | Remote vulnerability in New Media Generation Hired Team: Trial Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. | 5.0 |
| 2004-12-31 | CVE-2004-1524 | Remote vulnerability in NEW Media Generation Hired Team Trial 2.1/2.2 Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200. | 5.0 |
| 2004-12-31 | CVE-2004-1523 | Remote vulnerability in NEW Media Generation Hired Team Trial 2.0/2.1/2.2 Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message. | 5.0 |