Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2004-11-23 | CVE-2004-0344 | Input Validation vulnerability in Yabb 1.5.5/1.5.5B
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a ..
network | low complexity | yabb | 6.4

2004-11-23 | CVE-2004-0342 | Off-by-one Error vulnerability in Wftpd PRO Server Project Wftpd PRO Server 3.21
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
local | low complexity | wftpd-pro-server-project | CWE-193 | 5.5

2004-11-23 | CVE-2004-0339 | Cross-Site Scripting vulnerability in PHPBB
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
network | phpbb-group | 6.8

2004-11-23 | CVE-2004-0337 | Cross-Site Scripting vulnerability in Software602 602Pro LAN Suite Web Mail
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script.
network | software602 | 6.8

2004-11-23 | CVE-2004-0336 | Path Disclosure vulnerability in Software602 602Pro LAN Suite Web Mail Installation
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
network | low complexity | software602 | 5.0

2004-11-23 | CVE-2004-0335 | Remote Security vulnerability in 602Pro Lan Suite
LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
network | low complexity | software602 | 5.0

2004-11-23 | CVE-2004-0334 | Security Bypass vulnerability in Innomedia Videophone Au75200Xvi04010X
InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash).
network | low complexity | innomedia | 5.0

2004-11-23 | CVE-2004-0331 | Heap Overflow vulnerability in Dell OpenManage Web Server POST Request
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
network | low complexity | dell | 5.0

2004-11-23 | CVE-2004-0329 | Remote Denial Of Service vulnerability in Freechat 0.1.1A/1.1.1A
FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".
network | low complexity | freechat | 5.0

2004-11-23 | CVE-2004-0327 | Unspecified vulnerability in Skintech PHPnewsmanager 1.36
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via ..
network | low complexity | skintech | 5.0