Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2196 Remote Security vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
network
low complexity
zanfi-solutions
5.0
5.0
2004-12-31 CVE-2004-2195 Remote File Include vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
network
low complexity
zanfi-solutions
5.0
5.0
2004-12-31 CVE-2004-2194 Remote Denial Of Service vulnerability in MailEnable
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
network
low complexity
mailenable
5.0
5.0
2004-12-31 CVE-2004-2193 Cross-Site Scripting vulnerability in Cjoverkill 4.0.3
Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.
network
cjoverkill
4.3
4.3
2004-12-31 CVE-2004-2191 Input Validation vulnerability in Turbotraffictrader PHP 1.0
Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters. 		4.3
4.3
2004-12-31 CVE-2004-2190 Directory Traversal vulnerability in Unzoo 4.42
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
network
low complexity
unzoo
5.0
5.0
2004-12-31 CVE-2004-2188 Cross-Site Scripting And SQL Injection vulnerability in DMXReady Site Chassis Manager
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
dmxready
4.3
4.3
2004-12-31 CVE-2004-2187 Remote Input Validation vulnerability in Mediawiki 1.3.5
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
network
low complexity
mediawiki
5.0
5.0
2004-12-31 CVE-2004-2185 Remote Input Validation vulnerability in Mediawiki 1.3.5
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
network
mediawiki
6.8
6.8
2004-12-31 CVE-2004-2184 Directory Traversal vulnerability in Yak! Chat Client FTP Server
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
network
low complexity
digicraft-software
6.4
6.4