Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-19 | CVE-2004-1946 | Local Security vulnerability in Cherokee Httpd 0.4.16 Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. | 4.6 |
| 2004-04-19 | CVE-2004-1941 | Denial Of Service vulnerability in Fastream Netfile FTP web Server 6.5.1.980 Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | 5.0 |
| 2004-04-15 | CVE-2004-1935 | Unspecified vulnerability in SCT Corporation Campus Pipeline Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. network sct-corporation | 4.3 |
| 2004-04-15 | CVE-2004-0173 | Directory Traversal vulnerability in Apache Cygwin Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | 5.0 |
| 2004-04-15 | CVE-2004-0122 | Information Disclosure vulnerability in Microsoft MSN Messenger 6.0/6.1 Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. | 5.0 |
| 2004-04-15 | CVE-2004-0111 | Bitmap Handling Denial Of Service vulnerability in GdkPixbuf gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | 5.0 |
| 2004-04-15 | CVE-2004-0108 | The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. | 4.6 |
| 2004-04-15 | CVE-2004-0107 | The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. | 4.6 |
| 2004-04-15 | CVE-2003-1038 | Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011 The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | 5.0 |
| 2004-04-15 | CVE-2003-1034 | The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | 4.6 |