Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-0712 Unspecified vulnerability in Apple mac OS X 10.1/10.2/10.3.4
Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.
local
low complexity
apple
4.6
2005-05-02 CVE-2005-0710 Remote vulnerability in MySQL AB MySQL
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
local
low complexity
mysql oracle
4.6
2005-05-02 CVE-2005-0709 Code Injection vulnerability in multiple products
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
local
low complexity
mysql oracle CWE-94
4.6
2005-05-02 CVE-2005-0682 Cross-Site Scripting vulnerability in Drupal
Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.
network
drupal
4.3
2005-05-02 CVE-2005-0677 Remote Security vulnerability in PHPoutsourcing Zorum 3.5
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.
network
low complexity
phpoutsourcing
5.0
2005-05-02 CVE-2005-0675 Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.
network
phpoutsourcing
4.3
2005-05-02 CVE-2005-0673 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
network
phpbb-group
4.3
2005-05-02 CVE-2005-0670 Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B
Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
4.3
2005-05-02 CVE-2005-0666 Privilege Escalation vulnerability in PaX VMA Mirroring
Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code.
local
low complexity
the-pax-team
4.6
2005-05-02 CVE-2005-0665 Unspecified vulnerability in John Bradley XV 3.10A
Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename.
network
high complexity
john-bradley
5.1