Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-01-29 | CVE-2004-2132 | Directory Traversal vulnerability in PJ CGI Neo Review Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2004-01-28 | CVE-2004-2134 | Unspecified vulnerability in Oracle Application Server Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | 4.6 |
| 2004-01-24 | CVE-2004-2122 | Cross-Site Scripting vulnerability in Intra Forum Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. network intra-forum | 4.3 |
| 2004-01-23 | CVE-2004-2120 | Remote Denial Of Service vulnerability in Reptile web Server Reptile web Server 20020105 Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. | 5.0 |
| 2004-01-21 | CVE-2004-1759 | Resource Management Errors vulnerability in multiple products Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. | 5.0 |
| 2004-01-20 | CVE-2004-2127 | Unspecified vulnerability in Leif M. Wright web Blog 1.1 Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2004-01-20 | CVE-2004-1766 | Remote Communication vulnerability in NetScreen Security Manager Insecure Default The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing. | 5.0 |
| 2004-01-20 | CVE-2004-0036 | SQL Injection vulnerability in Jelsoft Vbulletin 2.3.0 SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | 5.0 |
| 2004-01-20 | CVE-2004-0034 | Cross-Site Scripting/HTML Injection vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. network phorum | 4.3 |
| 2004-01-20 | CVE-2004-0033 | Unspecified vulnerability in PHPgedview 2.61 admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. | 5.0 |