Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2004-02-06 | CVE-2004-2089 | | Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | network, low complexity, matrix | 5.0 |
| 2004-02-06 | CVE-2004-2086 | Buffer Overflow vulnerability in Sambar Server 6.0 | Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. | network, low complexity, sambar | 5.0 |
| 2004-02-04 | CVE-2004-2085 | HTML Injection vulnerability in Brad Fears PHPCodeCabinet comments.php | Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php. | network, brad-fears | 4.3 |
| 2004-02-03 | CVE-2004-0046 | Cross-Site Scripting vulnerability in SnapStream PVS Lite | Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. | network, snapstream | 4.3 |
| 2004-02-03 | CVE-2004-0042 | Remote Security vulnerability in Beasts Vsftpd 1.1.3 | vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. | network, low complexity, beasts | 5.0 |
| 2004-02-03 | CVE-2004-0013 | Denial of Service vulnerability in Jabber Server SSL Handling | jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | network, low complexity, jabber-software-foundation | 5.0 |
| 2004-02-03 | CVE-2003-0949 | Local Command Execution vulnerability in Michael Bischoff Xsok 1.02 | xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. | local, low complexity, michael-bischoff | 4.6 |
| 2004-02-03 | CVE-2003-0368 | Improper Input Validation vulnerability in Nokia Ggsn Release1 | Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. | network, low complexity, nokia, CWE-20 | 5.0 |
| 2004-02-01 | CVE-2003-1207 | Denial Of Service vulnerability in Crob FTP Server 3.5.1 | Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string. | network, low complexity, crob | 5.0 |
| 2004-01-29 | CVE-2004-2133 | Unspecified vulnerability in Cvsup Cvsup16.1H2.I386.Rpm/Cvsup16.1H36.I586.Rpm/Cvsup16.1H43.I586.Rpm | Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages. | local, low complexity, cvsup | 4.6 |