Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2004-03-15 CVE-2004-0192 Cross-Site Scripting vulnerability in Symantec Gateway Security 5400 2.0
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.
network
symantec
6.8
2004-03-15 CVE-2004-0191 Cross-Site Scripting vulnerability in Mozilla Browser Zombie Document
Mozilla before 1.4.2 executes JavaScript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
network
mozilla
6.8
2004-03-15 CVE-2004-0171 Remote Denial Of Service vulnerability in BSD Out Of Sequence Packets
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allow remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
network
low complexity
freebsd openbsd
5.0
2004-03-15 CVE-2004-0169 Remote Denial of Service vulnerability in Apple Darwin Streaming Server 4.1.3
QuickTime Streaming Server in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
network
low complexity
apple
5.0
2004-03-15 CVE-2004-0166 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
network
low complexity
apple
5.0
2004-03-15 CVE-2004-0165 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
network
low complexity
apple
5.0
2004-03-12 CVE-2004-1358 Unspecified vulnerability in Sun Solaris 9.0
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
network
low complexity
sun
5.0
2004-03-11 CVE-2003-1199 Cross-Site Scripting vulnerability in MyProxy 20030629
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
network
myproxy
6.8
2004-03-04 CVE-2004-1359 Local UUCP Buffer Overrun vulnerability in Sun Solaris
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
local
low complexity
sun
4.6
2004-03-03 CVE-2004-1990 Input Validation vulnerability in Aldo Vargas Aldo's Web Server 1.5
Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.
network
low complexity
aldo-vargas
5.0