Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0870 Cross-Site Scripting vulnerability in PHPsysinfo 2.3
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
network
phpsysinfo
4.3
2005-05-02 CVE-2005-0869 Information Disclosure vulnerability in PHPsysinfo 2.3
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
network
low complexity
phpsysinfo
5.0
2005-05-02 CVE-2005-0864 Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2
The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.
network
low complexity
securecomputing
5.0
2005-05-02 CVE-2005-0863 HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2
Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.
network
phpopenchat
4.3
2005-05-02 CVE-2005-0857 Cross-Site Scripting And SQL Injection vulnerability in CoolForum
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.
network
coolforum
4.3
2005-05-02 CVE-2005-0853 Remote vulnerability in Betaparticle Blog 2.0/3.0
Betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later.
network
low complexity
betaparticle
5.0
2005-05-02 CVE-2005-0851 Infinite Loop vulnerability in Filezilla-Project Filezilla Server
FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings.
network
low complexity
filezilla-project CWE-835
5.0
2005-05-02 CVE-2005-0850 Improper Input Validation vulnerability in Filezilla-Project Filezilla Server
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
network
low complexity
filezilla-project CWE-20
5.0
2005-05-02 CVE-2005-0849 Unspecified vulnerability in Funlabs products
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet.
network
low complexity
funlabs
5.0
2005-05-02 CVE-2005-0848 Unspecified vulnerability in Funlabs products
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl.
network
low complexity
funlabs
5.0