Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-05-22 CVE-2004-2029 Denial of Service vulnerability in Trevor Hogan Bnbt 7.5Betarelease2
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with an "A==" value.
network
low complexity
trevor-hogan
5.0
2004-05-21 CVE-2004-2031 HTML Injection vulnerability in e107 Website System
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
network
e107
4.3
2004-05-21 CVE-2004-2028 HTML Injection vulnerability in e107 Website System
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.
network
e107
4.3
2004-05-14 CVE-2004-1354 Path Traversal vulnerability in SUN Solaris and Sunos
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
network
low complexity
sun CWE-22
5.0
2004-05-10 CVE-2004-2027 Remote Buffer Overflow vulnerability in Icecast Server Base64 Authorization Request
Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.
network
low complexity
icecast
5.0
2004-05-08 CVE-2004-2009
NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message.
network
low complexity
adam-webb
5.0
2004-05-08 CVE-2004-2008 Input Validation vulnerability in Adam Webb NukeJokes Module For PHP-Nuke
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
local
low complexity
adam-webb
4.6
2004-05-08 CVE-2004-2007 Input Validation vulnerability in Adam Webb NukeJokes Module For PHP-Nuke
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
network
adam-webb
4.3
2004-05-07 CVE-2004-2006 Unspecified vulnerability in Trend Micro Officescan
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
local
low complexity
trend-micro
4.6
2004-05-06 CVE-2004-2005 Buffer Overrun vulnerability in Qualcomm Eudora Embedded Hyperlink
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
network
high complexity
qualcomm
5.1