Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-03-22 | CVE-2004-1839 | Remote Path Disclosure vulnerability in PHP-Nuke MS-Analysis Module MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | 5.0 |
| 2004-03-22 | CVE-2004-1838 | Directory Traversal vulnerability in Xweb 1.0 Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. | 5.0 |
| 2004-03-19 | CVE-2004-1853 | Remote Client Buffer Overflow vulnerability in Atari Terminator 3 WAR of the Machines 1.0 Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. | 5.0 |
| 2004-03-18 | CVE-2004-1830 | Multiple vulnerability in Francisco Burzi PHP-Nuke 6.0 error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. | 5.0 |
| 2004-03-18 | CVE-2004-1829 | Multiple vulnerability in Error Manager PHP-Nuke Module 2.1 Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log. network error-manager | 4.3 |
| 2004-03-16 | CVE-2004-1825 | Cross-Site Scripting vulnerability in Mambo Open Source 4.51.0.0/4.51.0.1 Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. network mambo | 4.3 |
| 2004-03-15 | CVE-2004-1822 | Module Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. network phorum | 4.3 |
| 2004-03-15 | CVE-2004-1819 | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. | 5.0 |
| 2004-03-15 | CVE-2004-1818 | Multiple vulnerability in WarpSpeed 4nAlbum Module For PHPNuke Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. network warpspeed | 6.8 |
| 2004-03-15 | CVE-2004-1817 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 7.1 Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. network francisco-burzi | 4.3 |