Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-05-05 | CVE-2004-1999 | Cross-Site Scripting vulnerability in PHP-Nuke: Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. (network, francisco-burzi) | 4.3 |
2004-05-05 | CVE-2004-1998 | Information Disclosure vulnerability in PHP-Nuke: The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | 5.0 |
2004-05-05 | CVE-2004-1997 | Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. | 4.6 |
2004-05-05 | CVE-2004-1996 | HTML Injection vulnerability in Simple Machines SMF 1.0Beta4.1/1.0Beta4P/1.0Beta5P: Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. (network, simple-machines) | 4.3 |
2004-05-05 | CVE-2004-1994 | Authentication Bypass vulnerability in E-Zone Media Inc. Fusetalk 2.0/3.0/4.0: FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. | 5.0 |
2004-05-04 | CVE-2004-0379 | Unspecified vulnerability in Microsoft SharePoint Portal Server 2001: Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. (network, microsoft) | 6.8 |
2004-05-04 | CVE-2004-0376 | Denial Of Service vulnerability in OFTPD Port Argument: oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value. | 5.0 |
2004-05-04 | CVE-2004-0374 | Remote Information Disclosure vulnerability in Interchange: Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. | 6.4 |
2004-05-04 | CVE-2004-0371 | Unspecified vulnerability in KTH Heimdal: Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | 5.0 |
2004-05-04 | CVE-2004-0219 | Unspecified vulnerability in OpenBSD: isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | 5.0 |