Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-04-30 CVE-2004-1980 Directory Traversal vulnerability in Props 0.6.1
Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a ..
network
low complexity
props
5.0
2004-04-30 CVE-2004-1979 SQL Injection and Cross-Site Scripting vulnerability in Props 0.6.1
Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.
network
props
4.3
2004-04-30 CVE-2004-1978 Unspecified vulnerability in Moodle 1.1.1/1.2.0/1.2.1
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
network
moodle
4.3
2004-04-29 CVE-2004-1977 Denial of Service vulnerability in 3Com SuperStack 3 NBX Netset Application Port Scan
3Com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode.
network
low complexity
3com
5.0
2004-04-27 CVE-2004-1975 Cross-Site Scripting vulnerability in PAFileDB ID Variable
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
network
php-arena
4.3
2004-04-27 CVE-2004-1974 Information Disclosure vulnerability in PHP Arena Pafiledb 3.1
paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.
network
low complexity
php-arena
5.0
2004-04-27 CVE-2004-1973 Remote Denial Of Service vulnerability in Digi WWW Server Compieuw
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
network
low complexity
digi
5.0
2004-04-26 CVE-2004-1971 modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.
network
low complexity
oscar-fafian
5.0
2004-04-26 CVE-2004-1968 Unspecified vulnerability in Openbb
The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
network
low complexity
openbb
5.0
2004-04-26 CVE-2004-1077 Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
network
low complexity
citrix
5.0