Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-08-17 CVE-2004-1721 Multiple vulnerabilities in Merak Mail Server 5.2.7
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
network
low complexity
merak
5.0
2004-08-17 CVE-2004-1720 Multiple vulnerabilities in Merak Mail Server 7.4.5
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path.
network
low complexity
merak
5.0
2004-08-17 CVE-2004-1719 Multiple vulnerabilities in Merak Mail Server 7.4.5
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
network
merak
4.3
2004-08-16 CVE-2004-1716 HTML Injection vulnerability in PScript PForum User Profile
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
network
powie
6.8
2004-08-11 CVE-2004-1715 Directory Traversal vulnerability in Clearswift MIMEsweeper For web 4.0/5.0.1
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
network
low complexity
clearswift
5.0
2004-08-10 CVE-2004-1347 Denial Of Service vulnerability in Sun Solaris XDMCP
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.
network
low complexity
sun
5.0
2004-08-09 CVE-2004-1702 Remote Denial Of Service vulnerability in GNU CFEngine AuthenticationDialogue
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers a null dereference, which allows remote attackers to cause a denial of service (crash).
network
low complexity
gnu
5.0
2004-08-06 CVE-2004-1712 Cross-Site Scripting vulnerability in TypePad
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary JavaScript via the name parameter.
network
typepad
4.3
2004-08-06 CVE-2004-1711 Unspecified vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
network
moodle
4.3
2004-08-06 CVE-2004-0684 Denial-Of-Service vulnerability in IBM products
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
network
low complexity
ibm
5.0