Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2004-08-04 | CVE-2004-1679 | Directory Traversal vulnerability in Jigunet Twinftp Enterprise and Twinftp Standard
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
network | low complexity | jigunet | 5.0

2004-08-04 | CVE-2004-1369 | Multiple Unspecified vulnerability in Oracle
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
network | low complexity | oracle | 5.0

2004-08-04 | CVE-2004-1367 | Information Exposure vulnerability in Oracle products
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
local | oracle CWE-200 | 4.4

2004-08-04 | CVE-2004-1366 | Credentials Management vulnerability in Oracle products
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
local | low complexity | oracle CWE-255 | 4.6

2004-08-04 | CVE-2004-1365 | Multiple Unspecified vulnerability in Oracle
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
local | low complexity | oracle | 4.6

2004-08-02 | CVE-2004-1708 | Denial Of Service vulnerability in Shawn Webb Webbsyte Chat 0.9
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
network | low complexity | shawn-webb | 5.0

2004-07-30 | CVE-2004-1705 | Buffer Overflow vulnerability in Citadel/UX Username
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
network | low complexity | citadel | 5.0

2004-07-29 | CVE-2004-2064 | HTML Injection vulnerability in Verylost LostBook Message Entry
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
network | verylost | 4.3

2004-07-27 | CVE-2004-0741 | Denial-Of-Service vulnerability in WWW File Share Pro
LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.
network | low complexity | lionmax-software | 5.0

2004-07-27 | CVE-2004-0740 | Denial-Of-Service vulnerability in T522 Network Printer
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
network | low complexity | lexmark | 5.0