Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2004-04-15 CVE-2003-0905 Remote Denial of Service vulnerability in Microsoft Windows Media Services 4.1
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
network, low complexity, microsoft, 5.0

2004-04-15 CVE-2003-0202 Local File Creation vulnerability in Brian Renaud Metrics 1.0
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
local, low complexity, brian-renaud, 4.6

2004-04-15 CVE-2002-1579 Denial of Service vulnerability in SAP SAPgui
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
network, low complexity, sap, 5.0

2004-04-14 CVE-2004-1944 Denial of Service vulnerability in Qualcomm Eudora MIME Message Nesting
Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.
network, low complexity, qualcomm, 5.0

2004-04-14 CVE-2004-1939 Cross-Site Scripting vulnerability in Rhino Software Zaep Antispam 2.0/2.0.0.1
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
network, rhinosoft, 4.3

2004-04-13 CVE-2004-1758 Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
local, low complexity, bea, 4.6

2004-04-13 CVE-2004-1756 Unspecified vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
network, low complexity, bea, 5.0

2004-04-12 CVE-2004-1930 Cross-Site Scripting vulnerability in PHP-Nuke CookieDecode
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
network, francisco-burzi, 4.3

2004-04-12 CVE-2004-1060 Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability.
network, low complexity, icmp tcp, 5.0

2004-04-11 CVE-2004-1927 Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via ..
network, low complexity, tiki CWE-22, 5.0