Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0803 | Resource Management Errors vulnerability in Microsoft Windows 2000 The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | 5.0 |
| 2005-05-02 | CVE-2005-0802 | Cross-Site Scripting vulnerability in ACS Blog Search.ASP Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. network asp-press | 4.3 |
| 2005-05-02 | CVE-2005-0801 | Directory Traversal vulnerability in Includer.Cgi Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. | 5.0 |
| 2005-05-02 | CVE-2005-0796 | Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. | 5.0 |
| 2005-05-02 | CVE-2005-0785 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network yabb | 4.3 |
| 2005-05-02 | CVE-2005-0784 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. network phorum | 4.3 |
| 2005-05-02 | CVE-2005-0783 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. network phorum | 4.3 |
| 2005-05-02 | CVE-2005-0782 | SQL Injection And Cross-Site Scripting vulnerability in PAFileDB Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. network php-arena | 4.3 |
| 2005-05-02 | CVE-2005-0779 | Malformed User Name Connection Denial Of Service vulnerability in Platinumftp Platinumftpserver 1.0.18 PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | 5.0 |
| 2005-05-02 | CVE-2005-0778 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | 5.0 |