Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-05-04 | CVE-2004-0371 | Unspecified vulnerability in KTH Heimdal Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | 5.0 |
| 2004-05-04 | CVE-2004-0219 | Unspecified vulnerability in Openbsd isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | 5.0 |
| 2004-05-04 | CVE-2004-0218 | Denial Of Service vulnerability in OpenBSD ISAKMPD Zero Payload Length isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | 5.0 |
| 2004-05-04 | CVE-2004-0149 | Local Buffer Overflow vulnerability in Xboing 2.4 Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges. | 4.6 |
| 2004-05-03 | CVE-2004-1991 | Path Traversal vulnerability in Aldostools Aldo'S web Server 1.5 Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. | 5.0 |
| 2004-05-03 | CVE-2004-0428 | Large Input vulnerability in Apple Mac OS X CoreFoundation Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. | 5.0 |
| 2004-05-02 | CVE-2004-1984 | Information Disclosure vulnerability in Coppermine Photo Gallery Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. | 5.0 |
| 2004-05-02 | CVE-2004-1981 | Denial-Of-Service vulnerability in Businessobjects Crystal Enterprise and Crystal Reports The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder. | 5.0 |
| 2004-05-01 | CVE-2004-2043 | Remote Pre-Authentication Database Name Buffer Overrun vulnerability in Firebird Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command. | 5.0 |
| 2004-04-30 | CVE-2004-1985 | Input Validation vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. | 4.3 |