Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-11-23 CVE-2004-0244 Improper Input Validation vulnerability in Cisco IOS 12.1E/12.2Sy/12.2Za
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
local
cisco CWE-20
4.7
2004-11-23 CVE-2004-0242 Remote Information Disclosure vulnerability in Qualiteam X-Cart
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
network
low complexity
qualiteam
5.0
2004-11-23 CVE-2004-0240 Directory Traversal vulnerability in X-Cart
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a ..
network
low complexity
qualiteam
5.0
2004-11-23 CVE-2004-0237 Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
network
low complexity
aprox-portal
5.0
2004-11-23 CVE-2004-0203 Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
network
microsoft CWE-79
4.3
2004-11-23 CVE-2004-0081 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
5.0
2004-11-03 CVE-2004-0958 Unspecified vulnerability in PHP
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
network
low complexity
php
5.0
2004-11-03 CVE-2004-0938 Attribute Decoding Denial Of Service vulnerability in FreeRADIUS
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
network
low complexity
freeradius
5.0
2004-11-03 CVE-2004-0920 Unspecified vulnerability in Symantec Norton Antivirus
Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.
network
low complexity
symantec
5.0
2004-11-03 CVE-2004-0911 Unspecified vulnerability in Debian Netkit 0.07/0.17
telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.
network
low complexity
debian
5.0