Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-10-25 | CVE-2004-1632 | Cross-Site Scripting vulnerability in Moniwiki 1.0.8 Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php. network moniwiki | 4.3 |
| 2004-10-25 | CVE-2004-1631 | Remote Cross-Site Scripting And Connection Proxy vulnerability in OpenWFE Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results. | 5.0 |
| 2004-10-25 | CVE-2004-1630 | Remote Cross-Site Scripting And Connection Proxy vulnerability in OpenWFE Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. network openwfe | 4.3 |
| 2004-10-24 | CVE-2004-1635 | Authentication Bypass and Information Disclosure vulnerability in Mozilla Bugzilla Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | 5.0 |
| 2004-10-22 | CVE-2004-1626 | Remote Buffer Overflow vulnerability in Code-Crafters Ability Server 2.2.5/2.3.2/2.3.4 Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. | 5.0 |
| 2004-10-22 | CVE-2004-1623 | Denial Of Service vulnerability in Microsoft Windows XP WAV File Handler The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | 5.0 |
| 2004-10-21 | CVE-2004-1620 | Unspecified vulnerability in S9Y Serendipity CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | 5.0 |
| 2004-10-20 | CVE-2004-1381 | Remote Security vulnerability in Browser Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | 5.0 |
| 2004-10-20 | CVE-2004-1380 | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | 5.0 |
| 2004-10-20 | CVE-2004-0796 | Remote Denial Of Service vulnerability in SpamAssassin Malformed Email SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages. | 5.0 |