Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-15 | CVE-2004-1935 | Unspecified vulnerability in SCT Corporation Campus Pipeline Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. network sct-corporation | 4.3 |
| 2004-04-15 | CVE-2004-0173 | Directory Traversal vulnerability in Apache Cygwin Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | 5.0 |
| 2004-04-15 | CVE-2004-0122 | Information Disclosure vulnerability in Microsoft MSN Messenger 6.0/6.1 Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. | 5.0 |
| 2004-04-15 | CVE-2004-0111 | Bitmap Handling Denial Of Service vulnerability in GdkPixbuf gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | 5.0 |
| 2004-04-15 | CVE-2004-0108 | The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. | 4.6 |
| 2004-04-15 | CVE-2004-0107 | The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. | 4.6 |
| 2004-04-15 | CVE-2003-1038 | Information Disclosure vulnerability in Internet Transaction Server 4620.2.0.323011 The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | 5.0 |
| 2004-04-15 | CVE-2003-1034 | The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | 4.6 |
| 2004-04-15 | CVE-2003-0905 | Remote Denial of Service vulnerability in Microsoft Windows Media Services 4.1 Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets. | 5.0 |
| 2004-04-15 | CVE-2003-0202 | Local File Creation vulnerability in Brian Renaud Metrics 1.0 The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |