Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2004-04-25 | CVE-2004-1965 | Input Validation vulnerability in OpenBB | Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to index.php. | network; openbb; 4.3 |
| 2004-04-23 | CVE-2004-1964 | Cross-Site Scripting vulnerability in Network Query Tool 1.0/1.6 | Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. | network; freshmeat; 4.3 |
| 2004-04-23 | CVE-2004-1963 | | nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | network; low complexity; freshmeat; 5.0 |
| 2004-04-23 | CVE-2004-1959 | Unspecified vulnerability in Protector System Protector System 1.15B1 | blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | network; low complexity; protector-system; 5.0 |
| 2004-04-21 | CVE-2004-1956 | Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726 | PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | network; low complexity; postnuke-software-foundation; 5.0 |
| 2004-04-21 | CVE-2004-1954 | Multiple vulnerability in PHProfession 2.5 | Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. | network; phprofession; 4.3 |
| 2004-04-20 | CVE-2004-1992 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server | Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. | network; low complexity; solarwinds CWE-119; 5.0 |
| 2004-04-20 | CVE-2004-1948 | Local Information Disclosure vulnerability in NcFTP | NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | local; low complexity; ncftp-software; 4.6 |
| 2004-04-19 | CVE-2004-1950 | Unspecified vulnerability in PHPbb Group PHPbb | phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | network; low complexity; phpbb-group; 5.0 |
| 2004-04-19 | CVE-2004-1947 | Remote File Upload And Execution vulnerability in Softwin BitDefender AvxScanOnlineCtrl COM Object | The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. | network; low complexity; softwin; 5.0 |