Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2334 Multiple vulnerabilities in Emumail EMU Webmail 5.2.7
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or JavaScript in the (3) username or (4) password field in the login page.
network
emumail
4.3
2004-12-31 CVE-2004-2333 Unspecified vulnerability in Bodington 2.1.0Rc1/2.1.0Rc2/2.1.0Rc3
Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files.
network
low complexity
bodington
5.0
2004-12-31 CVE-2004-2332 HTML Injection vulnerability in Cpan WWW Form 1.12
Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
cpan
4.3
2004-12-31 CVE-2004-2331 Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
local
low complexity
macromedia CWE-470
5.5
2004-12-31 CVE-2004-2330 Denial of Service vulnerability in Macromedia Coldfusion 6.1
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
network
low complexity
macromedia
5.0
2004-12-31 CVE-2004-2328 Denial Of Service vulnerability in Clearswift MAILsweeper For SMTP RAR Archive
Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached.
network
low complexity
clearswift
5.0
2004-12-31 CVE-2004-2327 Remote Denial of Service vulnerability in Vizer Web Server 1.9.1
Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, or (3) long GET requests.
network
low complexity
vizer-web-server
5.0
2004-12-31 CVE-2004-2325 Multiple vulnerabilities in DotNetNuke
Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.
network
dotnetnuke
4.3
2004-12-31 CVE-2004-2323 Multiple vulnerabilities in DotNetNuke
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
network
low complexity
dotnetnuke
5.0
2004-12-31 CVE-2004-2320 Information Exposure vulnerability in BEA Weblogic Server
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
network
bea CWE-200
5.8