Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-03 | CVE-2004-0845 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | 6.4 |
| 2004-11-03 | CVE-2004-0844 | Unspecified vulnerability in Microsoft IE 6 Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability." | 5.0 |
| 2004-11-03 | CVE-2004-0843 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." | 5.0 |
| 2004-11-03 | CVE-2004-0832 | Denial Of Service vulnerability in Squid Proxy NTLM Authentication The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy. | 5.0 |
| 2004-11-03 | CVE-2004-0804 | Divide BY Zero vulnerability in Libtiff Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452. | 4.3 |
| 2004-11-03 | CVE-2003-0718 | Unspecified vulnerability in Microsoft products The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | 5.0 |
| 2004-11-01 | CVE-2004-1121 | Unspecified vulnerability in Apple Safari Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. | 5.0 |
| 2004-10-26 | CVE-2004-1639 | Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | 5.0 |
| 2004-10-25 | CVE-2004-1634 | Authentication Bypass and Information Disclosure vulnerability in Mozilla Bugzilla show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | 5.0 |
| 2004-10-25 | CVE-2004-1633 | Remote Security vulnerability in Bugzilla process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | 5.0 |