Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-1198 Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using JavaScript code that continuously creates nested arrays and then sorts the newly created arrays.
network
low complexity
5.0
2004-12-31 CVE-2004-1186 Multiple vulnerabilities in GNU Enscript 1.6.3
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
network
low complexity
gnu
5.0
2004-12-31 CVE-2004-1156 Unspecified vulnerability in Mozilla Firefox and Mozilla
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
network
mozilla
4.3
2004-12-31 CVE-2004-1150 Remote Buffer Overflow vulnerability in Nullsoft Winamp Variant
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
network
high complexity
nullsoft
5.1
2004-12-31 CVE-2004-1146 Cross-Site Scripting vulnerability in CVSTrac
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.
network
cvstrac
4.3
2004-12-31 CVE-2004-1049 Integer Overflow vulnerability in Microsoft Windows LoadImage API Function
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
network
high complexity
microsoft
5.1
2004-12-31 CVE-2004-1043 Unspecified vulnerability in Microsoft Internet Explorer and Windows XP
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting JavaScript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
network
low complexity
microsoft
5.0
2004-12-31 CVE-2004-0997 Local Privilege Escalation vulnerability in Linux Kernel MIPS Ptrace
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
local
low complexity
linux
4.6
2004-12-31 CVE-2004-0979 Unspecified vulnerability in Microsoft IE, Internet Explorer and Windows XP
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
local
low complexity
microsoft
4.6
2004-12-31 CVE-2004-0952 Unspecified vulnerability in HP HP-UX
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
network
low complexity
hp
6.4