Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-01-20 | CVE-2004-0032 | Cross-Site Scripting vulnerability in PHPgedview 2.61: Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. | 6.8 |
2004-01-20 | CVE-2003-1028 | Unspecified vulnerability in Microsoft IE and Internet Explorer: The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | 5.0 |
2004-01-20 | CVE-2003-1025 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0: Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | 4.3 |
2004-01-20 | CVE-2003-0904 | Information Exposure vulnerability in Microsoft products: Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. | 6.0 |
2004-01-20 | CVE-2003-0696 | Unspecified vulnerability in IBM AIX 5.1/5.2: The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). | 5.0 |
2004-01-15 | CVE-2005-1247 | Denial-Of-Service vulnerability in Novell Nsure Audit 1.0.1: webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. | 5.0 |
2004-01-14 | CVE-2004-1124 | CHRoot Breakout vulnerability in SCO UnixWare/OpenServer: Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. | 4.6 |
2004-01-05 | CVE-2003-1020 | Denial-Of-Service vulnerability in irssi: The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). | 5.0 |
2004-01-05 | CVE-2003-1017 | Unspecified vulnerability in Macromedia Director and Flash Player: Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names. | 5.0 |
2004-01-05 | CVE-2003-1004 | Denial-Of-Service vulnerability in Cisco PIX Firewall and PIX Firewall Software: Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. | 5.0 |