Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-08-06 CVE-2004-0651 Remote Denial Of Service vulnerability in Sun Java Runtime Environment
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
network
low complexity
sun
5.0
2004-08-06 CVE-2004-0647 Unspecified vulnerability in Shorewall
shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.
local
low complexity
shorewall
4.6
2004-08-06 CVE-2004-0639 HTML Injection vulnerability in SquirrelMail From Email Header
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
6.8
2004-08-06 CVE-2004-0591 HTML Injection vulnerability in Inter7 Sqwebmail 4.0.4
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HTML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
network
inter7
6.8
2004-08-06 CVE-2004-0589 Unspecified vulnerability in Cisco IOS
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
network
cisco
4.3
2004-08-06 CVE-2004-0588 Unspecified vulnerability in Usermin 1.070
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
network
usermin
6.8
2004-08-06 CVE-2004-0584 HTML Injection vulnerability in Horde IMP Email Header
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
network
horde
6.8
2004-08-06 CVE-2004-0583 Multiple Unspecified vulnerability in Webmin
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
network
low complexity
usermin webmin debian
5.0
2004-08-06 CVE-2004-0582 Multiple Unspecified vulnerability in Webmin 1.1.40
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
network
low complexity
webmin
5.0
2004-08-06 CVE-2004-0581 Symbolic Link vulnerability in KSymoops KSymoops-GZNM Insecure Temporary File Handling
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
local
low complexity
gnu mandrakesoft
4.6