Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-1738 | Cross-Site Scripting vulnerability in Jshop E-Commerce Jshop Server 1.2 Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter. network jshop-e-commerce | 4.3 |
2004-12-31 | CVE-2004-1736 | Unspecified vulnerability in the Cacti Group Cacti 0.8.5A Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | 5.0 |
2004-12-31 | CVE-2004-1730 | Cross-Site Scripting vulnerability in Mantis Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. network mantis | 4.3 |
2004-12-31 | CVE-2004-1723 | Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.00 The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | 5.0 |
2004-12-31 | CVE-2004-1593 | Cross-Site Scripting vulnerability in SCT Campus Pipeline Render.UserLayoutRootNode.uP Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. network sct-corporation | 4.3 |
2004-12-31 | CVE-2004-1590 | Information Disclosure vulnerability in Clientexec 2.2.1 Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function. | 5.0 |
2004-12-31 | CVE-2004-1589 | Input Validation vulnerability in Go Smart Inc GoSmart Message Board Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. network gosmart | 4.3 |
2004-12-31 | CVE-2004-1587 | Remote Buffer Overflow vulnerability in Monolith Lithtech Game Engine Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | 5.0 |
2004-12-31 | CVE-2004-1585 | Remote Denial of Service vulnerability in Jera Technology Flash Messaging 5.2/5.2G Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters. | 5.0 |
2004-12-31 | CVE-2004-1584 | Unspecified vulnerability in Wordpress 1.2 CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | 5.0 |