Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-0789 | Denial Of Service vulnerability in Multiple Vendor DNS Response Flooding Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. | 5.0 |
| 2004-12-31 | CVE-2004-0592 | Denial-Of-Service vulnerability in Suse Linux 2.6.5 The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | 5.0 |
| 2004-12-31 | CVE-2004-0498 | Denial-Of-Service vulnerability in Firewall Engine The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets. | 5.0 |
| 2004-12-31 | CVE-2004-0467 | Remote Denial Of Service vulnerability in Juniper Networks JUNOS Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. | 5.0 |
| 2004-12-31 | CVE-2004-0465 | Unspecified vulnerability in Openconnect Webconnect 6.4.4/6.5 Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter. | 5.0 |
| 2004-12-30 | CVE-2004-1376 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. | 5.0 |
| 2004-12-29 | CVE-2004-1316 | Remote Heap Overflow vulnerability in Mozilla Browser Network News Transport Protocol Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | 5.0 |
| 2004-12-28 | CVE-2004-1062 | Unspecified vulnerability in Viewcvs 0.9.2 Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. network viewcvs | 4.3 |
| 2004-12-23 | CVE-2004-2130 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.6 Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. network phpbb-group | 4.3 |
| 2004-12-23 | CVE-2004-1375 | Privilege Escalation vulnerability in HP-UX System Administration Manager Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. | 4.6 |