Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-10 | CVE-2004-1294 | Unspecified vulnerability in Luke Mewburn Tnftp 20030825 The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. | 5.0 |
| 2005-01-10 | CVE-2004-1281 | Remote Security vulnerability in Junkie FTP Client 0.3.1 The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via .. | 5.0 |
| 2005-01-10 | CVE-2004-1277 | Remote Security vulnerability in Iglooftp 0.6.1 The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters. | 5.0 |
| 2005-01-10 | CVE-2004-1269 | lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. | 5.0 |
| 2005-01-10 | CVE-2004-1267 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. | 6.5 |
| 2005-01-10 | CVE-2004-1233 | Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. | 5.0 |
| 2005-01-10 | CVE-2004-1231 | Directory Traversal vulnerability in Gadu-Gadu Instant Messenger Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. | 5.0 |
| 2005-01-10 | CVE-2004-1230 | Information Disclosure vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype. | 5.0 |
| 2005-01-10 | CVE-2004-1228 | Denial-Of-Service vulnerability in Sugar Sales The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default. | 6.4 |
| 2005-01-10 | CVE-2004-1226 | Information Disclosure vulnerability in SugarCRM SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. | 5.0 |