Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-23 | CVE-2004-0342 | Off-by-one Error vulnerability in Wftpd PRO Server Project Wftpd PRO Server 3.21 WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | 5.5 |
| 2004-10-18 | CVE-2004-1603 | Link Following vulnerability in Cpanel 9.4.1 cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | 5.5 |
| 2004-03-26 | CVE-2004-1865 | Cross-site Scripting vulnerability in Bblog 0.7.2 Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). | 4.8 |
| 2004-01-05 | CVE-2003-0981 | Origin Validation Error vulnerability in Freescripts Visitorbook LE FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | 6.1 |
| 2003-12-31 | CVE-2003-1564 | XML Entity Expansion vulnerability in Xmlsoft Libxml2 libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | 6.5 |
| 2003-08-18 | CVE-2003-0517 | Link Following vulnerability in Mgetty Project Mgetty 1.1.28 faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | 5.5 |
| 2002-12-31 | CVE-2002-1975 | Inadequate Encryption Strength vulnerability in Sharp Zaurus Sl-5000D Firmware and Zaurus Sl-5500 Firmware Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | 5.5 |
| 2002-12-31 | CVE-2002-1946 | Inadequate Encryption Strength vulnerability in Tata Integrated Dialer 1.2.000 Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | 5.5 |
| 2002-12-31 | CVE-2002-1915 | Improper Locking vulnerability in multiple products tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | 5.5 |
| 2002-12-31 | CVE-2002-1914 | Improper Locking vulnerability in Dump Project Dump 0.4 dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. | 5.5 |