Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-10-18 CVE-2004-1611 Remote vulnerability in Best Software SalesLogix
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
network
high complexity
best-software saleslogix-corporation
5.1
2004-10-18 CVE-2004-1609 Remote vulnerability in Best Software SalesLogix
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
network
low complexity
best-software saleslogix-corporation
5.0
2004-10-18 CVE-2004-1607 Remote vulnerability in Best Software SalesLogix
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
network
low complexity
best-software saleslogix-corporation
5.0
2004-10-18 CVE-2004-1606 Remote vulnerability in Best Software SalesLogix
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial of service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
network
low complexity
best-software saleslogix-corporation
6.4
2004-10-18 CVE-2004-1603 Link Following vulnerability in Cpanel 9.4.1
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
local
low complexity
cpanel CWE-59
5.5
2004-10-16 CVE-2004-1600 Information Disclosure vulnerability in Coolphp 1.0Stable
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message.
network
low complexity
coolphp
5.0
2004-10-16 CVE-2004-1599 Remote Input Validation vulnerability in Coolphp Coolphpweb Portal 1.0Stable
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
network
coolphp
4.3
2004-10-14 CVE-2004-1700 Cross-Site Scripting vulnerability in Pinnacle Systems Showcenter 1.51Build121
Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
4.3
2004-10-13 CVE-2004-1594 HTML Injection vulnerability in E-Zone Media Inc. Fusetalk 4.0
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
4.3
2004-10-12 CVE-2004-1671 Remote Input Validation vulnerability in IceWarp Web Mail 3.3.2/5.2.7/5.2.8
Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.
network
low complexity
icewarp
5.0