Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-04-11 CVE-2004-1924 Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
network
tiki CWE-79
4.3
2004-04-11 CVE-2004-1923 Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, which reveal the web server path in an error message.
network
low complexity
tiki CWE-200
5.0
2004-04-09 CVE-2004-1919 Remote Denial of Service vulnerability in Crackalaka 1.0.8
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.
network
low complexity
crackalaka
5.0
2004-04-09 CVE-2004-1918 Remote Denial of Service vulnerability in Rsniff 1.0
RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly.
network
low complexity
rsniff
5.0
2004-04-07 CVE-2004-1357 Unspecified vulnerability in SUN Solaris 9.0
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
network
low complexity
sun
5.0
2004-04-04 CVE-2004-1986 Input Validation vulnerability in Coppermine Photo Gallery
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a ..
network
low complexity
coppermine francisco-burzi
5.0
2004-04-02 CVE-2004-1890 Denial Of Service vulnerability in SGI IRIX ftpd
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode.
network
low complexity
sgi
5.0
2004-03-30 CVE-2004-1878 Remote Authentication Bypass vulnerability in LinBit Technologies LINBOX Officeserver
LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
network
low complexity
linbit-technologies
5.0
2004-03-30 CVE-2004-1876 Unspecified vulnerability in Clam Anti-Virus Clamav
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
local
low complexity
clam-anti-virus
4.6
2004-03-29 CVE-2004-1874 Input Validation vulnerability in Alan Ward A-Cart 2.0
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
network
alan-ward
4.3