Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-04-15 CVE-2002-1579 Denial of Service vulnerability in SAP SAPgui
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
network
low complexity
sap
5.0
2004-04-14 CVE-2004-1944 Denial of Service vulnerability in Qualcomm Eudora MIME Message Nesting
Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.
network
low complexity
qualcomm
5.0
2004-04-14 CVE-2004-1939 Cross-Site Scripting vulnerability in Rhino Software Zaep Antispam 2.0/2.0.0.1
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
network
rhinosoft
4.3
2004-04-13 CVE-2004-1758 Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
local
low complexity
bea
4.6
2004-04-13 CVE-2004-1756 Unspecified vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
network
low complexity
bea
5.0
2004-04-12 CVE-2004-1930 Cross-Site Scripting vulnerability in PHP-Nuke CookieDecode
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
network
francisco-burzi
4.3
2004-04-12 CVE-2004-1060 Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability.
network
low complexity
icmp tcp
5.0
2004-04-11 CVE-2004-1927 Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via ..
network
low complexity
tiki CWE-22
5.0
2004-04-11 CVE-2004-1924 Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
network
tiki CWE-79
4.3
2004-04-11 CVE-2004-1923 Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, which reveal the web server path in an error message.
network
low complexity
tiki CWE-200
5.0