Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-02 | CVE-2005-0712 | Unspecified vulnerability in Apple mac OS X 10.1/10.2/10.3.4 Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. | 4.6 |
2005-05-02 | CVE-2005-0710 | Remote vulnerability in MySQL AB MySQL MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. | 4.6 |
2005-05-02 | CVE-2005-0709 | Code Injection vulnerability in multiple products MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | 4.6 |
2005-05-02 | CVE-2005-0682 | Cross-Site Scripting vulnerability in Drupal Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. network drupal | 4.3 |
2005-05-02 | CVE-2005-0677 | Remote Security vulnerability in PHPoutsourcing Zorum 3.5 index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | 5.0 |
2005-05-02 | CVE-2005-0675 | Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5 Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. network phpoutsourcing | 4.3 |
2005-05-02 | CVE-2005-0673 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. network phpbb-group | 4.3 |
2005-05-02 | CVE-2005-0670 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. network coinsoft-technologies | 4.3 |
2005-05-02 | CVE-2005-0666 | Privilege Escalation vulnerability in PaX VMA Mirroring Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | 4.6 |
2005-05-02 | CVE-2005-0665 | Unspecified vulnerability in John Bradley XV 3.10A Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | 5.1 |