Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1431 | Remote File Access vulnerability in Joe Lumbroso FormMail.php Arbitrary FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1426 | Remote File Include vulnerability in Korweblog 1.6.1/1.6.2Cvs Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. | 5.0 |
| 2004-12-31 | CVE-2004-1425 | Unspecified vulnerability in Moodle Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. | 5.0 |
| 2004-12-31 | CVE-2004-1424 | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2004-12-31 | CVE-2004-1422 | Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5 WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings. | 5.0 |
| 2004-12-31 | CVE-2004-1420 | Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5 Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter. network whm | 4.3 |
| 2004-12-31 | CVE-2004-1419 | Code Injection vulnerability in Zeroboard 4.1Pl2/4.1Pl3/4.1Pl4 PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | 6.8 |
| 2004-12-31 | CVE-2004-1418 | Remote Script Execution vulnerability in Wirtualna Polska WPKontakt Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated. network wirtualna-polska | 4.3 |
| 2004-12-31 | CVE-2004-1416 | pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. network high complexity | 5.1 |
| 2004-12-31 | CVE-2004-1415 | Remote SQL Injection vulnerability in 2Bgal 2.4/2.5.1 SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter. | 5.0 |