Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-1156 | Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | 7.5 |
| 2005-05-02 | CVE-2005-1155 | Code Injection vulnerability in Mozilla Firefox and Mozilla The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | 7.5 |
| 2005-05-02 | CVE-2005-1154 | Cross-Site Scripting vulnerability in Mozilla Suite And Firefox Global Scope Pollution Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | 7.5 |
| 2005-05-02 | CVE-2005-1153 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | 7.5 |
| 2005-05-02 | CVE-2005-1150 | Denial-Of-Service vulnerability in SUN Java System web Server 6.0 Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | 5.0 |
| 2005-05-02 | CVE-2005-1148 | Information Disclosure vulnerability in Calendarscript 3.20/3.21 calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | 5.0 |
| 2005-05-02 | CVE-2005-1137 | Information Disclosure vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1135 | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog 0.4.0 Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. network alexander-palmo | 4.3 |
| 2005-05-02 | CVE-2005-1133 | Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | 5.0 |
| 2005-05-02 | CVE-2005-1132 | Remote Denial Of Service vulnerability in LG Electronics LG Mobile Phone U8120 LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | 5.0 |