Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-03-03 CVE-2002-1574 Unspecified vulnerability in Linux Kernel
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
local
low complexity
linux
4.6
2004-02-28 CVE-2004-0944 The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
network
low complexity
mitel
5.0
2004-02-23 CVE-2004-0322 Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
network
xmb-forum
4.3
2004-02-21 CVE-2004-0466 Unspecified vulnerability in Openconnect Webconnect 6.4.4/6.5
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
network
low complexity
openconnect
5.0
2004-02-17 CVE-2004-0095 Buffer Mismanagement vulnerability in Mcafee Epolicy Orchestrator 3.6.0
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
network
low complexity
mcafee
5.0
2004-02-17 CVE-2004-0074 Local Buffer Overrun vulnerability in Michael Bischoff Xsok 1.02
Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
local
low complexity
michael-bischoff
4.6
2004-02-17 CVE-2004-0072 Remote File Disclosure vulnerability in Accipiter Direct Server 6.0
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \..
network
low complexity
accipiter
5.0
2004-02-17 CVE-2004-0071 Information Disclosure vulnerability in Andy's PHP Projects Man Page Lookup Script
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.
network
low complexity
5.0
2004-02-17 CVE-2004-0067 Cross-Site Scripting vulnerability in PHPgedview
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php.
network
phpgedview CWE-79
4.3
2004-02-17 CVE-2004-0066 Remote Security vulnerability in PhpGedView
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
network
low complexity
phpgedview
5.0