Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-2608 | Permissions, Privileges, and Access Controls vulnerability in Smartwebby Smart Guest Book 2 | SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | network, low complexity | smartwebby, CWE-264 | 5.0 |
| 2004-12-31 | CVE-2004-2604 | Cross-Site Scripting vulnerability in PHProxy 0.1/0.2/0.3 | Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | network | phproxy | 4.3 |
| 2004-12-31 | CVE-2004-2603 | Remote vulnerability in Help Center Live | Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | network | ubertec | 4.3 |
| 2004-12-31 | CVE-2004-2602 | Remote vulnerability in Help Center Live | PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. | network | ubertec | 6.8 |
| 2004-12-31 | CVE-2004-2601 | Remote Security vulnerability in Ubertec Help Center Live 1.2.6 | PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. | network, low complexity | ubertec | 6.4 |
| 2004-12-31 | CVE-2004-2600 | | The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | network, low complexity | intel hp | 5.0 |
| 2004-12-31 | CVE-2004-2598 | Remote vulnerability in ID Software Quake II Server | Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. | network, low complexity | id-software | 5.0 |
| 2004-12-31 | CVE-2004-2597 | Remote vulnerability in ID Software Quake II Server 3.20/3.21 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | network, low complexity | id-software | 5.0 |
| 2004-12-31 | CVE-2004-2596 | Improper Input Validation vulnerability in ID Software Quake II Server 3.20/3.21 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | network, low complexity | id-software, CWE-20 | 5.0 |
| 2004-12-31 | CVE-2004-2595 | Remote vulnerability in ID Software Quake II Server | Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | network, low complexity | id-software | 5.0 |