Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-04-09 | CVE-2004-1919 | Remote Denial of Service vulnerability in Crackalaka 1.0.8 The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | 5.0 |
2004-04-09 | CVE-2004-1918 | Remote Denial of Service vulnerability in Rsniff 1.0 RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly. | 5.0 |
2004-04-07 | CVE-2004-1357 | Unspecified vulnerability in SUN Solaris 9.0 The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | 5.0 |
2004-04-04 | CVE-2004-1986 | Input Validation vulnerability in Coppermine Photo Gallery Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. | 5.0 |
2004-04-02 | CVE-2004-1890 | Denial Of Service vulnerability in SGI IRIX ftpd Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. | 5.0 |
2004-03-30 | CVE-2004-1878 | Remote Authentication Bypass vulnerability in LinBit Technologies LINBOX Officeserver LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). | 5.0 |
2004-03-30 | CVE-2004-1876 | Unspecified vulnerability in Clam Anti-Virus Clamav The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | 4.6 |
2004-03-29 | CVE-2004-1874 | Input Validation vulnerability in Alan Ward A-Cart 2.0 Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. network alan-ward | 4.3 |
2004-03-29 | CVE-2004-1872 | HTML Injection vulnerability in WebCT Campus Edition Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. network webct | 4.3 |
2004-03-29 | CVE-2004-1871 | Input Validation vulnerability in All Enthusiast Photopost PHP Pro Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. network photopost | 4.3 |