Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-24 | CVE-2005-1696 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc3 Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module. | 2.6 |
2005-05-24 | CVE-2005-1695 | Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2/0.760Rc3 Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php. | 2.6 |
2005-05-20 | CVE-2005-1686 | Unspecified vulnerability in Gnome Gedit 2.10.2 Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. | 2.6 |
2005-05-20 | CVE-2005-1683 | Buffer Overflow vulnerability in Microsoft Word MCW File Handler Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file. | 2.6 |
2005-05-20 | CVE-2005-1678 | Remote Security vulnerability in Groove Workspace and Virtual Office Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code. | 2.6 |
2005-05-19 | CVE-2005-1671 | Information Disclosure vulnerability in Messenger The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | 2.1 |
2005-05-19 | CVE-2005-1472 | Unspecified vulnerability in Apple mac OS X 10.4.1 Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | 2.1 |
2005-05-18 | CVE-2005-0757 | Denial Of Service vulnerability in Linux Kernel 64 Bit EXT3 Filesystem Extended Attribute The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | 2.1 |
2005-05-18 | CVE-2005-0515 | Local Insecure File Creation vulnerability in Webroot Software MY Firewall Plus 5.0 Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files. | 2.1 |
2005-05-17 | CVE-2005-1641 | Unspecified vulnerability in the Ignition Project Ignitionserver mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. | 2.1 |