Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2004-09-05 | CVE-2004-1665 | Cross-Site Scripting vulnerability in Psnews 1.1 | Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. | network; psnews; 4.3 |
| 2004-09-05 | CVE-2004-1664 | Remote Denial of Service vulnerability in Call of Duty | Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. | network; low complexity; activision; 5.0 |
| 2004-09-04 | CVE-2004-1663 | | Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | network; low complexity; brocade engenio broadcom storagetek ibm; 5.0 |
| 2004-09-02 | CVE-2004-1659 | Cross-Site Scripting vulnerability in CuteNews 'index.php' | Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter. | network; cutephp; 4.3 |
| 2004-09-02 | CVE-2004-1658 | Unspecified vulnerability in Kerio Personal Firewall | Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. | local; low complexity; kerio; 4.6 |
| 2004-09-02 | CVE-2004-0637 | Code Injection vulnerability in Oracle Oracle8I and Oracle9I | Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | network; low complexity; oracle; CWE-94; 6.5 |
| 2004-09-01 | CVE-2004-1657 | HTML Injection vulnerability in Newtelligence DasBlog Request Log | Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. | network; newtelligence; 4.3 |
| 2004-09-01 | CVE-2004-1656 | Unspecified vulnerability in Comersus Open Technologies Comersus Cart 5.0.991 | CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | network; low complexity; comersus-open-technologies; 5.0 |
| 2004-09-01 | CVE-2004-1655 | Input Validation vulnerability in PHPWebSite | Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module. | network; phpwebsite; 4.3 |
| 2004-08-31 | CVE-2004-1653 | Remote Security vulnerability in OpenSSH | The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | network; low complexity; openbsd; 6.4 |