Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2004-02-04 CVE-2004-2085 HTML Injection vulnerability in Brad Fears PHPCodeCabinet comments.php
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
network
brad-fears
4.3

2004-02-03 CVE-2004-0046 Cross-Site Scripting vulnerability in SnapStream PVS Lite
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
network
snapstream
4.3

2004-02-03 CVE-2004-0042 Remote Security vulnerability in Beasts Vsftpd 1.1.3
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
network
low complexity
beasts
5.0

2004-02-03 CVE-2004-0013 Denial of Service vulnerability in Jabber Server SSL Handling
jabber 1.4.2, 1.4.2a, and possibly earlier versions do not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
network
low complexity
jabber-software-foundation
5.0

2004-02-03 CVE-2003-0949 Local Command Execution vulnerability in Michael Bischoff Xsok 1.02
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
local
low complexity
michael-bischoff
4.6

2004-02-03 CVE-2003-0368 Improper Input Validation vulnerability in Nokia Ggsn Release1
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
network
low complexity
nokia CWE-20
5.0

2004-02-01 CVE-2003-1207 Denial Of Service vulnerability in Crob FTP Server 3.5.1
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
network
low complexity
crob
5.0

2004-01-29 CVE-2004-2133 Unspecified vulnerability in Cvsup Cvsup16.1H2.I386.Rpm/Cvsup16.1H36.I586.Rpm/Cvsup16.1H43.I586.Rpm
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.
local
low complexity
cvsup
4.6

2004-01-29 CVE-2004-2132 Directory Traversal vulnerability in PJ CGI Neo Review
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a ..
network
low complexity
pj-cgi-neo-review
5.0

2004-01-28 CVE-2004-2134 Unspecified vulnerability in Oracle Application Server
Oracle TopLink Mapping WorkBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
local
low complexity
oracle
4.6