Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2493 | Cross-Site Scripting And Directory Traversal vulnerability in Hitachi products Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter. | 4.0 |
| 2004-12-31 | CVE-2004-2492 | Cross-Site Scripting And Directory Traversal vulnerability in Groupmax World Wide Web Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. network hitachi | 4.3 |
| 2004-12-31 | CVE-2004-2490 | Local Privilege Escalation vulnerability in IBM products Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | 4.6 |
| 2004-12-31 | CVE-2004-2489 | Local Privilege Escalation vulnerability in IBM Informix Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename. | 4.6 |
| 2004-12-31 | CVE-2004-2485 | Remote Configuration File Include vulnerability in PHP Live! Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. | 5.0 |
| 2004-12-31 | CVE-2004-2484 | Cross-Site Scripting vulnerability in PHP Gift Registry Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php. network php-gift-registry | 4.3 |
| 2004-12-31 | CVE-2004-2483 | Remote vulnerability in Kerio WinRoute Firewall Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). | 6.4 |
| 2004-12-31 | CVE-2004-2482 | Unspecified vulnerability in Microsoft Outlook 2000/2003 Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | 5.0 |
| 2004-12-31 | CVE-2004-2481 | Local Security vulnerability in Myproxy 6.58 MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. | 4.6 |
| 2004-12-31 | CVE-2004-2480 | Unspecified vulnerability in National Science Foundation Squid web Proxy Cache 2.3Stable5 Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. | 5.0 |