Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-11-23 CVE-2004-0743 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
network
low complexity
apple
5.0
2004-11-23 CVE-2004-0599 Remote vulnerability in LibPNG Graphics Library
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
network
low complexity
greg-roelofs
5.0
2004-11-23 CVE-2004-0598 Remote vulnerability in LibPNG Graphics Library
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
network
low complexity
greg-roelofs
5.0
2004-11-23 CVE-2004-0361 Denial Of Service vulnerability in Apple Safari Large JavaScript Array Handling
The JavaScript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
network
low complexity
apple
5.0
2004-11-23 CVE-2004-0359 Cross-Site Scripting vulnerability in Invision Power Board
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.
6.8
2004-11-23 CVE-2004-0358 Module Cross-Site Scripting vulnerability in VirtuaSystems VirtuaNews
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
network
virtuasystems
6.8
2004-11-23 CVE-2004-0355 Path Disclosure vulnerability in Invision Power Services Invision Board 1.3
Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.
network
low complexity
invision-power-services
5.0
2004-11-23 CVE-2004-0352 Denial Of Service vulnerability in Cisco Content Service Switch Management Port UDP
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
network
low complexity
cisco
5.0
2004-11-23 CVE-2004-0349 Directory Traversal vulnerability in Gweb Http Server 0.5/0.6
Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a ..
network
low complexity
gweb
5.0
2004-11-23 CVE-2004-0347 Cross-Site Scripting vulnerability in NetScreen SA 5000 Series delhomepage.cgi
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
network
netscreen
6.0