Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-01-10 CVE-2004-1148 Unspecified vulnerability in phpMyAdmin
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
network
low complexity
phpmyadmin
5.0
2005-01-10 CVE-2004-1136 Denial-Of-Service vulnerability in Globalscape Cuteftp 6.0
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
network
low complexity
globalscape
5.0
2005-01-10 CVE-2004-1135 Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
network
low complexity
ipswitch
5.0
2005-01-10 CVE-2004-1133 Unspecified vulnerability in Microsoft W3Who.Dll
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
network
microsoft
6.8
2005-01-10 CVE-2004-1130 Remote vulnerability in Youngzsoft Cmailserver 5.2.0
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
network
youngzsoft
6.8
2005-01-10 CVE-2004-1123 Unspecified vulnerability in Apple products
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
network
low complexity
apple
5.0
2005-01-10 CVE-2004-1112 Buffer Overflow Protection Bypass vulnerability in Cisco Security Agent
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five-minute timeout period.
network
high complexity
cisco okena
5.1
2005-01-10 CVE-2004-1111 Denial-Of-Service vulnerability in 7600
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
network
low complexity
cisco
5.0
2005-01-10 CVE-2004-1109 Denial Of Service vulnerability in Kerio Personal Firewall IP Options
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
network
low complexity
kerio
5.0
2005-01-10 CVE-2004-1105 Unspecified vulnerability in Nortel Contivity 4.91
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.
network
low complexity
nortel
5.0