Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2628 | Directory Traversal vulnerability in Acme Labs Thttpd 2.0.7Beta0.4 Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). | 5.0 |
| 2004-12-31 | CVE-2004-2625 | HTML Injection vulnerability in Outblaze Webmail Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. | 5.1 |
| 2004-12-31 | CVE-2004-2624 | Cross-Site Scripting vulnerability in Wackowiki R3/R3.5 Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. network wackowiki | 4.3 |
| 2004-12-31 | CVE-2004-2621 | Unspecified vulnerability in Nortel Contivity Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | 4.0 |
| 2004-12-31 | CVE-2004-2620 | Remote Security vulnerability in Paul L Daniels Ripmime 1.3.1.0 The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. | 5.0 |
| 2004-12-31 | CVE-2004-2618 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). network pegasi-web-server | 4.3 |
| 2004-12-31 | CVE-2004-2617 | Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2 Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. | 5.0 |
| 2004-12-31 | CVE-2004-2615 | Local Security vulnerability in Cutephp Cutenews 1.3.6 The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | 4.6 |
| 2004-12-31 | CVE-2004-2611 | Denial-Of-Service vulnerability in Sophster The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | 4.6 |
| 2004-12-31 | CVE-2004-2610 | Local Security vulnerability in Mntd mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. | 4.6 |