Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2510 Cross-Site Scripting vulnerability in UBBCentral UBB.threads
Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.
network
ubbcentral
4.3
4.3
2004-12-31 CVE-2004-2509 Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
network
ubbcentral
4.3
4.3
2004-12-31 CVE-2004-2508 Cross-Site Scripting vulnerability in Linksys Wvc11B 2.10
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
network
linksys
4.3
4.3
2004-12-31 CVE-2004-2507 Unspecified vulnerability in Linksys Wvc11B 2.10
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
network
low complexity
linksys
5.0
5.0
2004-12-31 CVE-2004-2506 Information Disclosure vulnerability in Wikindx
Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
network
low complexity
wikindx
5.0
5.0
2004-12-31 CVE-2004-2505 Denial Of Service vulnerability in Macromedia ColdFusion MX Oversized Error Message
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
network
low complexity
macromedia
5.0
5.0
2004-12-31 CVE-2004-2503 Remote Denial Of Service vulnerability in Inweb Mail Server 2.40
INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.
network
low complexity
inweb
5.0
5.0
2004-12-31 CVE-2004-2498 Cross-Site Scripting and Information Disclosure vulnerability in Hitachi Web Page Generator
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.
network
low complexity
hitachi
5.0
5.0
2004-12-31 CVE-2004-2497 Cross-Site Scripting and Information Disclosure vulnerability in Hitachi Web Page Generator
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network
hitachi
4.3
4.3
2004-12-31 CVE-2004-2494 Multiple vulnerability in Code-Crafters Ability Mail Server
Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.
network
code-crafters
4.3
4.3