Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-23 | CVE-2004-1963 | nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. (network; low complexity; freshmeat) | 5.0 |
| 2004-04-23 | CVE-2004-1959 | Unspecified vulnerability in Protector System Protector System 1.15B1: blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. (network; low complexity; protector-system) | 5.0 |
| 2004-04-21 | CVE-2004-1956 | Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726: PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. (network; low complexity; postnuke-software-foundation) | 5.0 |
| 2004-04-21 | CVE-2004-1954 | Multiple vulnerability in PHProfession 2.5: Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. (network; phprofession) | 4.3 |
| 2004-04-20 | CVE-2004-1992 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server: Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. (network; low complexity; solarwinds; CWE-119) | 5.0 |
| 2004-04-20 | CVE-2004-1948 | Local Information Disclosure vulnerability in NcFTP: NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. (local; low complexity; ncftp-software) | 4.6 |
| 2004-04-19 | CVE-2004-1950 | Unspecified vulnerability in PHPbb Group PHPbb: phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. (network; low complexity; phpbb-group) | 5.0 |
| 2004-04-19 | CVE-2004-1947 | Remote File Upload And Execution vulnerability in Softwin BitDefender AvxScanOnlineCtrl COM Object: The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. (network; low complexity; softwin) | 5.0 |
| 2004-04-19 | CVE-2004-1946 | Local Security vulnerability in Cherokee Httpd 0.4.16: Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. (local; low complexity; cherokee) | 4.6 |
| 2004-04-19 | CVE-2004-1941 | Denial Of Service vulnerability in Fastream Netfile FTP web Server 6.5.1.980: Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. (network; low complexity; fastream) | 5.0 |