Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2004-01-20 | CVE-2004-0034 | Cross-Site Scripting/HTML Injection vulnerability in Phorum | Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. | 4.3 |
2004-01-20 | CVE-2004-0033 | Unspecified vulnerability in PHPgedview 2.61 | admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. | 5.0 |
2004-01-20 | CVE-2004-0032 | Cross-Site Scripting vulnerability in PHPgedview 2.61 | Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. | 6.8 |
2004-01-20 | CVE-2003-1028 | Unspecified vulnerability in Microsoft IE and Internet Explorer | The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | 5.0 |
2004-01-20 | CVE-2003-1025 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | 4.3 |
2004-01-20 | CVE-2003-0904 | Information Exposure vulnerability in Microsoft products | Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. | 6.0 |
2004-01-20 | CVE-2003-0696 | Unspecified vulnerability in IBM AIX 5.1/5.2 | The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). | 5.0 |
2004-01-15 | CVE-2005-1247 | Denial-Of-Service vulnerability in Novell Nsure Audit 1.0.1 | webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. | 5.0 |
2004-01-14 | CVE-2004-1124 | CHRoot Breakout vulnerability in SCO UnixWare/OpenServer | Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. | 4.6 |
2004-01-05 | CVE-2003-1020 | Denial-Of-Service vulnerability in irssi | The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). | 5.0 |