Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-09-18 | CVE-2004-1690 | Denial Of Service And Cross-Site Scripting vulnerability in Rhinosoft Dns4Me 3.0.0.4 Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. network rhinosoft | 4.3 |
2004-09-17 | CVE-2004-0534 | Remote File Name HTML Injection vulnerability in Businessobjects Infoview and Webintelligence Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document. network businessobjects | 4.3 |
2004-09-16 | CVE-2004-1688 | Remote Denial Of Service vulnerability in Tech-Noel Pigeon Server 3.02.0143 Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103. | 5.0 |
2004-09-16 | CVE-2004-1687 | Unspecified vulnerability in Snitz Communications Snitz Forums 2000 CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter. | 5.0 |
2004-09-16 | CVE-2004-0872 | Incorrect Resource Transfer Between Spheres vulnerability in Opera Browser 7.51 Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | 5.0 |
2004-09-16 | CVE-2004-0871 | Remote Security vulnerability in Mozilla 0.9.2 Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | 5.0 |
2004-09-16 | CVE-2004-0870 | Remote Security vulnerability in Konqueror KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | 5.0 |
2004-09-16 | CVE-2004-0869 | Remote Security vulnerability in Microsoft IE 6 Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | 5.0 |
2004-09-15 | CVE-2004-1686 | Unspecified vulnerability in Microsoft IE 6.0 Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | 5.0 |
2004-09-14 | CVE-2004-0905 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | 4.6 |